Propagating the Kerberos Server
Monitoring Propagation
| attempt is sent to the primary security server. However, if the |
| principal fails on one server as many times as specified by the |
| MaxFailAuthCnt parameter in the password policy file, that |
| principal is locked out. |
|
|
NOTE | HP authentication servers do not issue different messages for |
| different situations that cause authentication failure. For security |
| reasons, the error message displayed is the same for bad password, |
| bad user, or locked user. |
|
|
Situations such as incorrectly typed password or locked users, which cause authenticaton failure, are not sufficient to indicate an
An
The principal may fail to authenticate with the new password and reports the problem to the administrator. The problem is not solved in spite of reporting the problem repeatedly, which can indicate that the databases are
An indication of the propagation failure in the primary and secondary security server log files provides a clue to the
Both the machines must contain the same number of principals. Few discrepancies can exist if the database is dumped during a propagation cycle; only a few principals may differ due to an
266 | Chapter 9 |