
Chapter 9: Propagating the Kerberos Server
Monitoring Propagation
You must regularly monitor database propagation between servers.
Monitoring helps you to identify the following problems:
• Primary-secondary link failure
• Stalled propagation
To monitor the propagation, you need to examine the log file and the
propagation queue files.
When propagation problems occur, the copies of the database on the
secondary security servers do not match the database on the
primary security server. See “Comparing the Database to Its Copies” on
page 265 for more information on detecting and resolving the mismatch
condition.
To troubleshoot resolution problems, see Chapter 11,
“Troubleshooting,” on page 289.
Monitoring the Log File
You can use the log file to identify a secure connection failure between
the primary and secondary security servers. The syslog file records the
problems that occur while propagating data or while establishing a
secure link between the servers for propagation.
$KPROPD is a unique header that identifies the errors generated by the
propagation daemon, propd, in the syslog file. You can create a cron job
to parse the log file at regular intervals and notify the security
administrator or the system owner, for example, via paging or e-mail,
when a critical error message is found.
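The cron job described above could be written as follows. This is an added example, not part of the original guide; the log path, state file, mail recipient, function names and the assumption that the header appears in syslog lines as the text "KPROPD" are all illustrative, and the patterns come from the critical error messages this page lists.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumed: log path, state path,
# recipient, and that the header shows up in syslog lines as the text "KPROPD".
LOG="${KPROP_LOG:-/var/adm/syslog/syslog.log}"
STATE="${KPROP_STATE:-/var/tmp/kprop_scan.count}"
ADMIN="${KPROP_ADMIN:-root}"

# Keep only KPROPD-tagged lines carrying one of the critical messages
# listed on this page (apostrophes avoided so either quote style matches).
critical_lines() {
    grep -F 'KPROPD' | grep -E \
'Authentication failed: .* server error: |find kpropd\.ini registry key/file|establish secure connection for propagation'
}

# Print lines added to log $1 since the previous run. State file $2 stores the
# line count already examined; a shrunken (rotated) log is re-read from line 1.
new_lines() {
    total=$(wc -l < "$1" | tr -d ' ')
    seen=$(cat "$2" 2>/dev/null || echo 0)
    [ "$seen" -le "$total" ] 2>/dev/null || seen=0
    echo "$total" > "$2"
    awk -v s="$seen" -v t="$total" 'NR > s && NR <= t' "$1"
}

# Print new critical lines; exit status is 0 only when at least one was found.
scan() { new_lines "$1" "$2" | critical_lines; }

# Offline dry run over constructed sample lines (not real log output).
demo() {
    d="${TMPDIR:-/tmp}/kprop_demo.$$"; mkdir "$d" || return 1
    cat > "$d/log" <<'EOF'
Mar  3 02:10:01 kdc1 kpropd[311]: KPROPD: Authentication failed: kdc2 server error: constructed_error
Mar  3 02:10:05 kdc1 sshd[402]: Authentication failed: unrelated service
Mar  3 02:11:00 kdc1 kpropd[311]: KPROPD: [kdc2] Can't establish secure connection for propagation (errno=constructed_error); connect delay is 60 sec
EOF
    rc=0; scan "$d/log" "$d/state" || rc=$?
    rm -rf "$d"; return "$rc"
}

case "${1:-}" in
    --demo) demo ;;
    --run)  hits=$(scan "$LOG" "$STATE") &&
            printf '%s\n' "$hits" | mailx -s "Kerberos propagation error on $(hostname)" "$ADMIN" ;;
esac
```

Scheduled from cron with the --run argument, the script mails only lines that are new since its previous run; --demo prints the two constructed lines it would report.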
Critical Error Messages
The following error messages indicate critical problems:
Authentication failed: hostname server error: error_name
Can’t find kpropd.ini registry key/file.
[hostname of peer] Can’t establish secure connection for propagation (errno=error_name); connect delay is seconds sec