Propagating the Kerberos Server

 

 

Monitoring Propagation

 

 

# rm -r -f /opt/krb5/prop/*

Step

3.

Restart the propagation daemon by using the following command:

 

 

# /opt/krb5/sbin/kpropd

Step

4.

Perform a full dump to all secondary security servers by using the

 

 

following command:

 

 

# /opt/krb5/admin/prpadmin full_dump

 

 

This process may take a lot of time if the database contains more than

 

 

10,000 principals, and if many secondary security servers exist that act

 

 

as propagation servers. HP recommends you to initiate this process when

 

 

the administrative activity is low.

 

 

Propagation Failure

 

 

If propagation errors occur, complete the following troubleshooting steps:

Step

1.

Check that kpropd is running on both the secondary and primary

 

 

security servers. See the “Monitoring Propagation” on page 263 for more

 

 

information on restarting propagation.

Step

2.

Verify that the secret keys for each propagating server are properly

 

 

extracted to the service key table file. Use ktutil to purge any older

 

 

keys for the host/principal from the key table file. If necessary, modify

 

 

the host/principal to re-extract keys, purge older keys from v5srvtab,

 

 

and restart the daemons.

Step

3.

Review the kpropd.ini file for accuracy. The kpropd.ini file must

 

 

contain the parent-child relationship entries for each security server. If

 

 

necessary, modify kpropd.ini.

Step

4.

Verify that the same date and time is set in all security servers.

 

 

Synchronize time on all the servers to match the primary security server

 

 

time.

Step

5.

Check resource utilization on the server. A 100 percent utilization on a

 

 

file system prevents kpropd from building queue files, which causes

 

 

propagation to stall or fail. Remove unnecessary files, and archive the log

 

 

files.

Step

6.

Restart the daemons as described in the“Setting Up Propagation” on

 

 

page 258.

Chapter 9

269

Page 269
Image 269
HP UX Kerberos Data Security Software manual Propagation Failure