Propagating the Kerberos Server

The kpropd.ini File

Sections

The kpropd.ini file stores configuration parameters required for propagation. This file contains the following sections:

The [default_values] section controls the various global propagation properties. The listed values apply to all security servers unless you override the defaults by specifying different values in the [secsrv_name] section for a given security server.

The [secsrv_name] section lists each security server in accordance with your propagation hierarchy. The listed values apply only to the specified server, where secsrv_name is the fully qualified domain name (FQDN) of the security server. You must configure the [secsrv_name] section for each security server in your realm in order to identify its parent-child relationships in the propagation hierarchy and override one or more default values for a given server. This is an optional parameter.

Following is a brief description of the kpropd.ini file sections:

 

The [default_values] Section

 

You cannot override the interval, service_name, or primary_realm

 

values that you set in the [default_values] section. In other words, the

 

values you set for these parameters in the [default_values] section

 

override any other value you assign to them in the subsequent

 

[secsrv_name] sections.

 

Following are the options in the [default_values] section:

 

interval = n [smhd]

 

Specifies how often to propagate database changes to

 

the other security servers, where n indicates the

 

number of seconds, minutes, hours, or days. The

 

default value is 15 seconds.

 

 

NOTE

Intervals less than 15 seconds may generate a lot of

 

network traffic during peak authentication.

 

key_exp=n[smhd]

 

252

Chapter 9

Page 251 Page 253
Page 252
Image 252
HP UX Kerberos Data Security Software manual Sections, Defaultvalues Section
Page 251 Page 253
Top Page Image Contents