Propagating the Kerberos Server

Monitoring Propagation

[hostname of peer] Can’t connect to subscriber to propagate principal database information

[hostname of peer] could not get service ticket

[hostname of peer] full_dump failed

[hostname of peer] not enough memory to allocate work buffer

Not enough free system resources to run or start the propagation system.

Propagation system aborting.

Not enough system resources free to read from propagation queue

Propagation system aborting.

Out of memory

For more information on resolving the problems, see “Propagation Failure” on page 269.

Monitoring Propagation Queue Files

The propagation queue file, prop_q, contains the database changes that occur on the primary security server. The kpropd daemon reads the prop_q file, which lists all principals that have changed since the last propagation cycle. At the end of a successful propagation cycle, all the security servers have up-to-date principal databases.

To indicate successful propagation, kpropd creates a zero-length file, prop_hostname_ok, where hostname specifies the security server to which the data is propagated. If the propagation fails, a prop_hostname file is created and all the unpropagated changes are saved to the file. After propagating these changes to the secondary security servers, the contents of the queue file, prop_hostname, are deleted. If the prop_hostname or the prop_hostname_ok file exists for a specific host, kpropd dumps the entire primary database to the secondary security server without a queue file.

Monitoring Old File Date and Large File Size

In rare cases, a propagation failure or stall may occur without an error message being logged in the syslog file. Take additional monitoring measures to verify that the propagation system is functioning properly. You can monitor the propagation queue files for unusual characteristics, such as an old file creation date or a large file size. Under normal conditions, these files are created, deleted, and appended to many times a day. For example, if a prop_q.wrk file exists with a file creation date more than 24 hours old, or if the prop_q file size is unusually large, the propagation cycle may be stalled.
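The queue-file check described above can be scripted. The following POSIX shell function is an added example, not part of the original manual. The queue directory argument, the 1 MiB default size threshold, and the use of modification time in place of creation date are assumptions.

```sh
#!/bin/sh
# check_prop_queue DIR [MAX_BYTES]
# Prints one line per finding. Returns 0 if nothing looks wrong,
# 1 if any indicator is present, 2 if DIR cannot be inspected.
check_prop_queue() {
    dir=$1
    max_bytes=${2:-1048576}   # assumed threshold for "unusually large"
    rc=0

    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }

    # prop_q.wrk older than 24 hours. POSIX find: -mtime +0 matches files
    # last modified 24 hours ago or more (mtime stands in for creation date).
    if [ -f "$dir/prop_q.wrk" ] &&
       [ -n "$(find "$dir/prop_q.wrk" -mtime +0 -print)" ]; then
        echo "STALE: $dir/prop_q.wrk is older than 24 hours"
        rc=1
    fi

    # prop_q larger than the threshold.
    if [ -f "$dir/prop_q" ]; then
        size=$(( $(wc -c < "$dir/prop_q") ))
        if [ "$size" -gt "$max_bytes" ]; then
            echo "LARGE: $dir/prop_q is $size bytes (limit $max_bytes)"
            rc=1
        fi
    fi

    # Non-empty prop_<hostname> files hold changes that failed to reach that
    # host; zero-length prop_<hostname>_ok files mark success and are skipped.
    for f in "$dir"/prop_*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            prop_q|prop_q.*|*_ok) continue ;;
        esac
        if [ -s "$f" ]; then
            echo "PENDING: $f holds unpropagated changes"
            rc=1
        fi
    done
    return "$rc"
}
```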

264

Chapter 9

HP UX Kerberos Data Security Software Monitoring Propagation Queue Files, Monitoring Old File Date and Large File Size