Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Propagation
Monitoring Propagation
Chapter 7 235
Restarting Propagation Using the Full Dump Method
An alternate process to the simple method is one that clears out the
propagation directory and restarts kpropd, which then starts a full dump
of the database to all secondary servers.
The following procedure initiates a full database dump to all the
secondary servers for that primary server. If the database is large, more
than 10,000 principals, and there are several secondary servers acting as
propagation servers, this process can take a long time to complete. It is
highly advised that this process is initiated after hours, or at least
during low-use hours.
On each security server:
Step 1. Stop the propagation daemon by using the kill command.
Step 2. Remove the propagation queue files:
# rm -r -f /opt/krb5/prop/*
Step 3. Restart the propagation daemon:
# /opt/krb5/sbin/kpropd
Step 4. Perform a full dump to all secondary servers:
# /opt/krb5/admin/prpadmin full_dump
Propagation Failure
If errors occur with propagation, perform the following troubleshooting
steps:
Step 1. Check that kpropd is running on both the secondary and primary servers
experiencing problems. Refer to the instructions in the “Monitoring
Propagation” on page 229 section for restarting propagation.
Step 2. Verify that the secret keys for each propagating server are properly
extracted to the service key table file. Use ktutil to purge any older
keys for the host/principal from the key table file. If necessary, modify
the host/ principal to re-extract keys, purge older keys from the
v5srvtab, and restart the daemons.
Step 3. Review the kpropd.ini file for accuracy. It should contain entries
defining the parent - child relationships for each security server. If
necessary, modify kpropd.ini.