Propagation
Monitoring Propagation
|
| Restarting Propagation Using the Full Dump Method |
|
| An alternate process to the simple method is one that clears out the |
|
| propagation directory and restarts kpropd, which then starts a full dump |
|
| of the database to all secondary servers. |
|
| The following procedure initiates a full database dump to all the |
|
| secondary servers for that primary server. If the database is large, more |
|
| than 10,000 principals, and there are several secondary servers acting as |
|
| propagation servers, this process can take a long time to complete. It is |
|
| highly advised that this process is initiated after hours, or at least |
|
| during |
|
| On each security server: |
Step | 1. | Stop the propagation daemon by using the kill command. |
Step | 2. | Remove the propagation queue files: |
|
| # rm |
Step | 3. | Restart the propagation daemon: |
|
| # /opt/krb5/sbin/kpropd |
Step | 4. | Perform a full dump to all secondary servers: |
|
| # /opt/krb5/admin/prpadmin full_dump |
|
| Propagation Failure |
|
| If errors occur with propagation, perform the following troubleshooting |
|
| steps: |
Step | 1. | Check that kpropd is running on both the secondary and primary servers |
|
| experiencing problems. Refer to the instructions in the “Monitoring |
|
| Propagation” on page 229 section for restarting propagation. |
Step | 2. | Verify that the secret keys for each propagating server are properly |
|
| extracted to the service key table file. Use ktutil to purge any older |
|
| keys for the host/principal from the key table file. If necessary, modify |
|
| the host/ principal to |
|
| v5srvtab, and restart the daemons. |
Step | 3. | Review the kpropd.ini file for accuracy. It should contain entries |
|
| defining the parent - child relationships for each security server. If |
|
| necessary, modify kpropd.ini. |
Chapter 7 | 235 |