Propagation
kpropd.ini
child[n]=fqdn Specifies secsrv_name’s child security server in the
| propagation hierarchy, where fqdn is the fully qualified |
| domain name of the child server. A security server can |
| have zero or more child servers. |
| If more than one child server receives propagated |
| records from secsrv_name, include a complete child |
| configuration line for each additional child, where each |
| child is uniquely numbered with the suffix n, beginning |
| with child1. |
| You cannot override the interval, service_name, or |
NOTE | |
| primary_realm values that you set in the |
| [default_values] section. |
| Examples |
| |
| The sample [default_values] section below lists the default values |
| mkpropcf might create using information from the krb.conf file on a |
| primary security server that supports REALM1 as its default realm. The |
| propagation hierarchy that kpropd creates is derived from the security |
| servers that support the default realm. |
| The sample [secsrv_name] sections below illustrates a propagation |
| hierarchy where secsrv1 is the primary security server and the parent of |
| one secondary server, secsrv2. In addition, secsrv2 is the parent of the |
| secsrv3 and secsrv4 secondary servers. |
| secsrv1 and secsrv2 support two realms - REALM1 and REALM2. secsrv3 |
| only supports REALM1, while secsrv4 only supports REALM2. All servers |
| have a host/fqdn principal in REALM1. The Kerberos configuration files on |
| all servers contain the following entries: |
| REALM1 |
| REALM1 secsrv1.company.com admin server |
| REALM2 secsrv1.company.com admin server |
| REALM1 secsrv1.company.com |
| REALM2 secsrv2.company.com |
| REALM2 secsrv2.company.com |
| REALM1 secsrv3.company.com |
| REALM2 secsrv4.company.com |
Chapter 7 | 221 |