Propagating the Kerberos Server

Monitoring Propagation

You must regularly monitor database propagation between servers. Monitoring helps you to identify the following problems:

Primary-secondary link failure

Stalled propagation

To monitor the propagation, you need to examine the log file and the propagation queue files.

When propagation problems occur, the copies of the database on the secondary security servers do not match the database on the primary security server. See “Comparing the Database to Its Copies” on page 265 for more information on detecting and resolving the mismatch condition.

For information on troubleshooting these problems, see Chapter 11, “Troubleshooting,” on page 289.

Monitoring the Log File

You can use the log file to identify a secure connection failure between the primary and secondary security servers. The syslog file records the problems that occur while propagating data or while establishing a secure link between the servers for propagation.

$KPROPD is a unique header that identifies the errors generated by the propagation daemon, propd, in the syslog file. You can create a cron job to parse the log file at regular intervals and notify the security administrator or the system owner, for example, via paging or e-mail, when a critical error message is found.

Critical Error Messages

The following error messages indicate critical problems:

Authentication failed: hostname server error: error_name

Can’t find kpropd.ini registry key/file.

[hostname of peer] Can’t establish secure connection for propagation (errno=error_name); connect delay is seconds sec
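
The cron job suggested under “Monitoring the Log File”, written out as an added example (it is not part of the original manual or the vendor's code): it reports only new syslog lines that carry the $KPROPD header together with one of the critical messages listed above. The script name, log path, state file, mail recipient and the layout of the sample lines are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Log path, state path and recipient are
# placeholders supplied by the caller; the syslog line layout is assumed.

# Substrings of the critical messages listed above ([.] is a literal dot).
CRITICAL_RE='Authentication failed:|find kpropd[.]ini registry key/file|establish secure connection for propagation'

# scan_kpropd LOG STATE
# Print critical $KPROPD lines added to LOG since the last run. STATE holds
# the number of lines already examined, so each error is reported once.
scan_kpropd() {
    log=$1 state=$2
    [ -r "$log" ] || return 2
    total=$(($(wc -l < "$log")))
    seen=0
    [ -f "$state" ] && seen=$(cat "$state")
    case $seen in ''|*[!0-9]*) seen=0 ;; esac
    # A log shorter than the saved offset was rotated: read it from the top.
    [ "$seen" -gt "$total" ] && seen=0
    awk -v seen="$seen" -v re="$CRITICAL_RE" -v out="$state.tmp" '
        NR > seen && index($0, "$KPROPD") && $0 ~ re { print }
        END { print NR > out }' "$log" && mv "$state.tmp" "$state"
}

# notify_admin LOG STATE RECIPIENT: mail new critical lines, if any.
notify_admin() {
    hits=$(scan_kpropd "$1" "$2") || return
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | mailx -s "kpropd critical errors on $(hostname)" "$3"
}

# selftest: run the scan over constructed sample lines; prints the hits.
selftest() {
    dir=${TMPDIR:-/tmp}/kpropd_selftest.$$
    mkdir -m 700 "$dir" || return
    cat > "$dir/syslog" <<'EOF'
Jan 10 02:00:01 kdc1 kpropd: $KPROPD Authentication failed: kdc2 server error: sample_error
Jan 10 02:00:05 kdc1 kpropd: $KPROPD routine status message
Jan 10 02:00:09 kdc1 other: Authentication failed: unrelated daemon
EOF
    scan_kpropd "$dir/syslog" "$dir/state"
    rm -rf "$dir"
}

# Cron runs: kpropd_watch.sh LOG STATE RECIPIENT; "selftest" runs the sample.
if [ "${1:-}" = selftest ]; then selftest
elif [ $# -eq 3 ]; then notify_admin "$@"; fi
```

Rotation is detected only by the log becoming shorter than the saved offset, so run the job more often than the log can be rotated and refilled past that point.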

Chapter 9

263