Filter
Top Products
Propagating the Kerberos Server
The kpropd Daemon
Chapter 9248
The kpropd Daemon
The /opt/krb5/sbin/kpropd daemon propagates the principal database
from one server to another and starts running when the security server
starts up. It propagates principal records from a given security server to
kpropd on the receiving security server or to the propagation plug-in on
the receiving security server, if kpropd is not running on this security
system.
Propagation generally occurs downward through the propagation
hierarchy from parent server to child server as configured in the
kpropd.ini file.
During downward incremental propagation, kpropd refers to the
prop_q.wrk file for changes to principal records and propagates only
those records that have changed during the current propagation cycle.
When the failed authentication count of the principal increments,
kpropd initiates upward propagation. During an upward incremental
propagation, kpropd updates those principals on the primary security
server whose failed authentication count values are incremented during
the current propagation cycle. If propagation to a particular server fails,
kpropd writes the unpropagated principal records to a prop_
hostname
file on the host name server.
At the end of a successful propagation, each security server has an
up-to-date principal database, and each server above or below the
propagating server in the hierarchy has an empty prop_hostname file,
where
hostname
is the receiving server.
For a detailed description of propagation configuration, see “Setting Up
Propagation” on page 258.