Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Propagation
Monitoring Propagation
Chapter 7236
Step 4. Verify that the date/time is the same among all security servers.
Synchronize time on all the servers to match the primary security server
time.
Step 5. Check resource utilization on the server. If there is 100 percent
utilization of a file system, it can prevent kpropd from building queue
files, which will cause propagation to stall or fail. Remove unnecessary
files, and archive log files.
Step 6. Restart the daemons as described in the“Setting Up Propagation” on
page 224 section.
If you encounter the error message:
TGS: Error processing request from host
after installing a new secondary server and attempting propagation,
restart the daemons on the secondary server after the full dump has
completed.
Converting a Secondary Server to a Primary Server
You may need to convert a secondary server to a primary server, for
instance, during disaster recovery. To do this, we recommend reinstalling
the Kerberos Server software as follows:
Step 1. Verify the secondary server has an up-to-date copy of the principal
database. You may need to initiate a full dump of the database from the
current primary server. If your primary server has failed and you cannot
perform a full database dump or view the primary log files, review the
secondary server propagation log files to determine which secondary
server has the most recent database copy. Then copy the principal.* files
from the secondary server that has most recently successfully received
propagation data to the secondary server being converted to the primary.
Note that any changes that were made to the primary database before
the failure, but after the last successful propagation, are lost and must
be re-created.
Step 2. Retrieve the following files, either from the primary security server or
from the most recent primary security server backup.
• /opt/krb5/.k5.REALM, where REALM is the server’s default realm.
• krb.conf
• krb.realms