|
| Propagating the Kerberos Server |
|
| Monitoring Propagation |
|
| # rm |
Step | 3. | Restart the propagation daemon by using the following command: |
|
| # /opt/krb5/sbin/kpropd |
Step | 4. | Perform a full dump to all secondary security servers by using the |
|
| following command: |
|
| # /opt/krb5/admin/prpadmin full_dump |
|
| This process may take a lot of time if the database contains more than |
|
| 10,000 principals, and if many secondary security servers exist that act |
|
| as propagation servers. HP recommends you to initiate this process when |
|
| the administrative activity is low. |
|
| Propagation Failure |
|
| If propagation errors occur, complete the following troubleshooting steps: |
Step | 1. | Check that kpropd is running on both the secondary and primary |
|
| security servers. See the “Monitoring Propagation” on page 263 for more |
|
| information on restarting propagation. |
Step | 2. | Verify that the secret keys for each propagating server are properly |
|
| extracted to the service key table file. Use ktutil to purge any older |
|
| keys for the host/principal from the key table file. If necessary, modify |
|
| the host/principal to |
|
| and restart the daemons. |
Step | 3. | Review the kpropd.ini file for accuracy. The kpropd.ini file must |
|
| contain the |
|
| necessary, modify kpropd.ini. |
Step | 4. | Verify that the same date and time is set in all security servers. |
|
| Synchronize time on all the servers to match the primary security server |
|
| time. |
Step | 5. | Check resource utilization on the server. A 100 percent utilization on a |
|
| file system prevents kpropd from building queue files, which causes |
|
| propagation to stall or fail. Remove unnecessary files, and archive the log |
|
| files. |
Step | 6. | Restart the daemons as described in the“Setting Up Propagation” on |
|
|
Chapter 9 | 269 |