Propagating the Kerberos Server

Propagation Hierarchy

Propagation Hierarchy

To authenticate users on the network, each secondary security server must contain the latest copy of the principal database, at all times. secondary security servers obtain the copy of the principal database from the primary security server using the database propagation service.

At predefined intervals, the database propagation service automatically copies database changes from the primary security server to its associated secondary security servers. The default propagation interval is 15 seconds.

A secondary security server acting as a propagation server can have other secondary security servers associated with it in a hierarchical configuration. In this case, a secondary security server that receives a copy of database changes from a primary security server through propagation must propagate those changes to other secondary security servers.

Propagation Relationships

You can define the relationship in a propagation hierarchy in the kpropd.ini file by assigning parent and child labels to servers. A parent server is a primary or secondary security server that propagates its database to another server. A child server is a secondary security server that receives the propagated database from another server. A child server may also act as a parent server for a different secondary security server.

Chapter 9

243

Page 243
Image 243
HP UX Kerberos Data Security Software manual Propagation Hierarchy, Propagation Relationships