How to Verify That the KDC Servers Are Synchronized
If incremental propagation has been configured, this procedure ensures that the information on the slave KDC has been updated.
-
On the KDC master server, run the kproplog command.
kdc1 # /usr/sbin/kproplog -h
-
On a KDC slave server, run the kproplog command.
kdc2 # /usr/sbin/kproplog -h
-
Check that the last serial # and the last timestamp values match.
Example 23–14 Verifying That the KDC Servers Are Synchronized
The following is a sample of results from running the kproplog command on the master KDC server.
kdc1 # /usr/sbin/kproplog -h
Kerberos update log (/var/krb5/principal.ulog)
Update log dump:
Log version #: 1
Log state: Stable
Entry block size: 2048
Number of entries: 2500
First serial #: 137966
Last serial #: 140465
First time stamp: Fri Nov 28 00:59:27 2004
Last time stamp: Fri Nov 28 01:06:13 2004
|
The following is a sample of results from running the kproplog command on a slave KDC server.
kdc2 # /usr/sbin/kproplog -h
Kerberos update log (/var/krb5/principal.ulog)
Update log dump:
Log version #: 1
Log state: Stable
Entry block size: 2048
Number of entries: 0
First serial #: None
Last serial #: 140465
First time stamp: None
Last time stamp: Fri Nov 28 01:06:13 2004
|
Notice that the values for the last serial number and the last timestamp are identical, which indicates that the slave is synchronized with the master KDC server.
In the slave KDC server output, notice that no update entries exist in the slave KDC server's update log. No entries exist because the slave KDC server does not keep a set of updates, unlike the master KDC server. Also, the KDC slave server does not include information on the first serial number or the first timestamp because this is not relevant information.
- © 2010, Oracle Corporation and/or its affiliates