Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software

211

212

213

214

215

216

217

218

219

220

Propagation

kpropd.ini

Chapter 7 217

kpropd.ini

The kpropd.ini ﬁle is the propagation conﬁguration ﬁle mkpropcf

creates using the information from the local krb.conf ﬁle. This ﬁle is

generally located at:

/opt/krb5

Ensure that only authorized users have access to this ﬁle. Unauthorized

access to kpropd.ini could jeopardize the integrity of your realm.

Intruders who modify or replace entries could also modify your principal

database.

If you add or remove servers from the propagation hierarchy, that is, you

modify the kpropd.ini ﬁle, you must stop and restart the kpropd

daemon on each security server. Stopping and restarting the kpropd

daemon ensures that the servers correctly propagate to any new servers

added and do not propagate to the servers removed from the kpropd.ini

ﬁle.

The general syntax of this ﬁle is:

[default_values]

interval=n[s|m|h|d]

key_exp=n[s|m|h|d]

max_cache=n[K|M]

max_retry_delay=n[s|m|h|d]

net_timeout=n[s|m|h|d]

port=port_name

primay_realm=DEFAULT_REALM

realms=[all|realm1[realm2][,...]]

service_name=service_principal_name

[secsrv1_name]

child=secsrv2_name

[secsrv2_name]

child1=secsrv3_name

child2=secsrv4_name

parent=secsrv1_name

Format

When adding entries in the kpropd.ini ﬁle, consider the following:

• Specify values with a statement of the type: