Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Propagation
kpropd
Chapter 7214
kpropd
The kpropd daemon propagates the principal database from one server
to another. This daemon runs on startup of the security server. It
propagates principal records from a given security server to the kpropd
on the receiving security server or the propagation plug-in on the
receiving security server, if kpropd is not running on this security
system.
This daemon is generally located at,
# /opt/krb5/sbin
Propagation generally occurs downward through the propagation
hierarchy from parent server to child server as configured in the
kpropd.ini file.
During downward incremental propagation, kpropd references the
prop_q.wrk file for changes to principal records and propagates only
those records that have changed during the current propagation cycle.
When a principal’s failed authentication count increments, kpropd
initiates upward propagation. During an upward incremental
propagation, kpropd updates those principals on the primary server
whose failed authentication count values incremented during the current
propagation cycle. If propagation to a particular server fails, kpropd
writes the un-propagated principal records to a prop_hostname file on
the hostname server.
At the end of a successful propagation, each security server has an
up-to-date principal database, and each server above or below the
propagating server in the hierarchy has an empty prop_hostname file,
where hostname is the receiving server.
For a detailed description of propagation configuration, refer to “Setting
Up Propagation” on page 224.