Filter
Top Products
Propagating the Kerberos Server
Monitoring Propagation
Chapter 9 269
# rm -r -f /opt/krb5/prop/*
Step 3. Restart the propagation daemon by using the following command:
# /opt/krb5/sbin/kpropd
Step 4. Perform a full dump to all secondary security servers by using the
following command:
# /opt/krb5/admin/prpadmin full_dump
This process may take a lot of time if the database contains more than
10,000 principals, and if many secondary security servers exist that act
as propagation servers. HP recommends you to initiate this process when
the administrative activity is low.
Propagation Failure
If propagation errors occur, complete the following troubleshooting steps:
Step 1. Check that kpropd is running on both the secondary and primary
security servers. See the “Monitoring Propagation” on page 263 for more
information on restarting propagation.
Step 2. Verify that the secret keys for each propagating server are properly
extracted to the service key table file. Use ktutil to purge any older
keys for the host/principal from the key table file. If necessary, modify
the host/principal to re-extract keys, purge older keys from v5srvtab,
and restart the daemons.
Step 3. Review the kpropd.ini file for accuracy. The kpropd.ini file must
contain the parent-child relationship entries for each security server. If
necessary, modify kpropd.ini.
Step 4. Verify that the same date and time is set in all security servers.
Synchronize time on all the servers to match the primary security server
time.
Step 5. Check resource utilization on the server. A 100 percent utilization on a
file system prevents kpropd from building queue files, which causes
propagation to stall or fail. Remove unnecessary files, and archive the log
files.
Step 6. Restart the daemons as described in the“Setting Up Propagation” on
page 258.