Propagating the Kerberos Server

Monitoring Propagation

Monitoring Propagation

You must regularly monitor database propagation between servers. Monitoring helps you to identify the following problems:

Primary-secondary link failure

Stalled propagation

To monitor the propagation, you need to examine the log file and the propagation queue files.

When propagation problems occur, the copies of the database on the secondary security servers do not match with the database on the primary security server. See “Comparing the Database to Its Copies” on page 265 for more information on detecting and resolving the mismatch condition.

For troubleshooting the resolution problems, see Chapter 11, “Troubleshooting,” on page 289.

Monitoring the Log File

You can use the log file to identify a secure connection failure between the primary and secondary security server. The syslog file contains the problems that occur while propagating data or while establishing a secure link between the servers for propagation.

$KPROPD is an unique header that identifies the errors generated by the propagation daemon, propd, in the syslog file. You can create a cron job to parse the log file at regular intervals and notify the security administrator or the system owner, for example, via paging or e-mail, when a critical error message is found.

Critical Error Messages

The following error messages indicate critical problems:

Authentication failed: hostname server error: error_name

Can’t find kpropd.ini registry key/file.

[hostname of peer] Can’t establish secure connection for propagation (errno=error_name); connect delay is seconds sec connect delay is seconds sec

Chapter 9

263

Page 263
Image 263
HP UX Kerberos Data Security Software manual Monitoring Propagation, Monitoring the Log File, Critical Error Messages