Propagation
kpropd
kpropd
The kpropd daemon propagates the principal database from one server to another. This daemon runs on startup of the security server. It propagates principal records from a given security server to the kpropd on the receiving security server or the propagation
This daemon is generally located at,
# /opt/krb5/sbin
Propagation generally occurs downward through the propagation hierarchy from parent server to child server as configured in the kpropd.ini file.
During downward incremental propagation, kpropd references the prop_q.wrk file for changes to principal records and propagates only those records that have changed during the current propagation cycle.
When a principal’s failed authentication count increments, kpropd initiates upward propagation. During an upward incremental propagation, kpropd updates those principals on the primary server whose failed authentication count values incremented during the current propagation cycle. If propagation to a particular server fails, kpropd writes the
At the end of a successful propagation, each security server has an
For a detailed description of propagation configuration, refer to “Setting Up Propagation” on page 224.
214 | Chapter 7 |