Propagating the Kerberos Server
Monitoring Propagation
For example, a prop_hostname file that is older than 48 hours or is unusually large indicates a propagation problem between the primary and secondary security servers as specified in hostname.
Updating the principal.ok Time StampYou may notice that, by default, the time stamp of the principal.ok file on the primary security server does not update after propagation. On the primary security server, the principal.ok file retains the date when the database is initially created. Do not change this database unless the database is deleted and rebuilt.
On the secondary security server, the principal.ok file is updated each time a propagation full dump from the primary is successfully completed. During a full dump, the database updates are copied to temporary files on the secondary security server. When all of the temporary files are updated, they are put into place on the secondary security server as permanent database files. If a full dump is not completed, the principal database files on the secondary security server, including the principal.ok file, remain unchanged, and the date does not change.
Because most propagation occurs as incremental propagation, an old time stamp on the principal.ok file of the secondary security server does not necessarily indicate a propagation failure, whereas a new principal.ok file indicates a failure.
Comparing the Database to Its CopiesNo
You must periodically check that the primary and secondary databases are synchronized. An
The
Chapter 9 | 265 |