Propagation

kpropd.ini

The kpropd.ini file is the propagation configuration file that mkpropcf creates using the information from the local krb.conf file. This file is generally located at:

/opt/krb5

Ensure that only authorized users have access to this file. Unauthorized access to kpropd.ini could jeopardize the integrity of your realm. Intruders who modify or replace entries could also modify your principal database.

If you add or remove servers from the propagation hierarchy (that is, you modify the kpropd.ini file), you must stop and restart the kpropd daemon on each security server. Stopping and restarting the kpropd daemon ensures that the servers propagate correctly to any servers added to the kpropd.ini file and no longer propagate to servers removed from it.

The general syntax of this file is:

[default_values]
interval=n[smhd]
key_exp=n[smhd]
max_cache=n[KM]
max_retry_delay=n[smhd]
net_timeout=n[smhd]
port=port_name
primary_realm=DEFAULT_REALM
realms=[allrealm1[realm2][,...]]
service_name=service_principal_name

[secsrv1_name]
child=secsrv2_name

[secsrv2_name]
child1=secsrv3_name
child2=secsrv4_name
parent=secsrv1_name
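The following is an added example, not part of the original guide or of the product: a Python audit of a kpropd.ini file that checks the access restriction described above and the parent/child entries in the syntax shown. The server names and values in the sample are constructed, and the rule that a child with its own section must name the listing server as its parent is an assumption drawn from the syntax, not a documented kpropd rule.

```python
import configparser
import os
import stat

# Constructed sample in the syntax shown above; server names and values are made up.
SAMPLE = """\
[default_values]
interval=30s
[kdc1]
child=kdc2
[kdc2]
child1=kdc3
child2=kdc4
parent=kdc1
[kdc3]
parent=kdc1
"""

def check_mode(mode):
    """Flag any group/other permission bits in a st_mode value."""
    extra = stat.S_IMODE(mode) & 0o077
    return [f"group/other permission bits set: {extra:03o}"] if extra else []

def check_hierarchy(text):
    """Return parent/child mismatches between server sections."""
    cp = configparser.ConfigParser(interpolation=None)  # strict: duplicate sections raise
    cp.read_string(text)
    servers = [s for s in cp.sections() if s != "default_values"]
    kids = {s: {v for k, v in cp.items(s) if k.startswith("child")} for s in servers}
    findings = []
    for s in servers:
        parent = cp.get(s, "parent", fallback=None)
        if parent is not None and s not in kids.get(parent, set()):
            findings.append(f"[{s}] names parent {parent}, which does not list it as a child")
        for c in sorted(kids[s]):
            # Assumption: a child that has its own section must point back with parent=.
            if c in servers and cp.get(c, "parent", fallback=None) != s:
                findings.append(f"[{s}] lists child {c}, whose parent entry is not {s}")
    return findings

def audit(path):
    """Check permissions and hierarchy of a kpropd.ini file on disk."""
    with open(path) as fh:
        return check_mode(os.stat(path).st_mode) + check_hierarchy(fh.read())

if __name__ == "__main__":
    for finding in check_hierarchy(SAMPLE):
        print(finding)
```

Running the audit before each kpropd restart surfaces an unexpected server entry or a loosened file mode before the daemon acts on it.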

Format

When adding entries in the kpropd.ini file, consider the following:

Specify values with a statement of the type:
