HP (Hewlett-Packard) E0905 Server User Manual


 
Propagating the Kerberos Server
The kpropd.ini File
The /opt/krb5/kpropd.ini file is the propagation configuration file
created by the mkpropcf tool using the information from the local
krb.conf file.
Ensure that only authorized users have access to this file. Unauthorized
access to kpropd.ini can jeopardize the integrity of your realm.
Intruders who modify or replace entries can also modify your principal
database.
If you add or remove servers from the propagation hierarchy, that is, if
you modify the kpropd.ini file, stop and restart the kpropd daemon on
each security server. Stopping and restarting the kpropd daemon
ensures that the servers correctly propagate to any new server added
and do not propagate to the servers removed from the kpropd.ini file.
The general syntax for the kpropd.ini file is as follows:
[default_values]
interval=n[s|m|h|d]
key_exp=n[s|m|h|d]
max_cache=n[K|M]
max_retry_delay=n[s|m|h|d]
net_timeout=n[s|m|h|d]
port=port_name
primay_realm=DEFAULT_REALM
realms=[all|realm1[realm2][,...]]
service_name=service_principal_name
[secsrv1_name]
child=secsrv2_name
[secsrv2_name]
child1=secsrv3_name
child2=secsrv4_name
parent=secsrv1_name
When adding entries in the kpropd.ini file, consider the following:
Specify values with a statement of the following type:
key_phrase = value
Any characters following a pound sign (#) on a given line are ignored as
a comment. Blank lines are ignored.
Use a backslash (\) to specify a line extension.
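The following is an added example, not part of the HP manual or the product: a small Python audit that reads a kpropd.ini using the rules above (key_phrase = value, # comments, blank lines, backslash extension), flags child/parent entries that disagree, and checks whether the file is accessible beyond its owner. The function names, the sample host and realm names, the order of comment stripping before backslash handling, and the reading of "only authorized users" as "no group or other permission bits" are assumptions.

```python
import os
import stat

# Constructed sample for illustration; host and realm names are made up.
SAMPLE = """\
[default_values]
interval = 10m            # comment text is dropped
realms = REALM1.EXAMPLE, \\
         REALM2.EXAMPLE
[kdc1.example]
child = kdc2.example
[kdc2.example]
parent = kdc9.example     # disagrees with kdc1's child entry
child1 = kdc3.example
"""

def parse_kpropd_ini(text):
    """Return {section: {key: value}} following the rules listed above."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if line.endswith("\\"):                  # backslash extends the line
            pending += line[:-1].strip() + " "
            continue
        line, pending = (pending + line).strip(), ""
        if not line:                             # blank lines are ignored
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return sections

def hierarchy_mismatches(sections):
    """List (parent, child) pairs where the child's section names another parent."""
    bad = []
    for server, entries in sections.items():
        for key, child in entries.items():
            if key.startswith("child"):          # child, child1, child2, ...
                declared = sections.get(child, {}).get("parent")
                if declared is not None and declared != server:
                    bad.append((server, child))
    return bad

def is_overexposed(path):
    """True if group or other users hold any permission bit on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)
```

Run the checks against a copy of /opt/krb5/kpropd.ini after each change to the propagation hierarchy, before stopping and restarting kpropd.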