If incremental propagation has been configured, this procedure ensures that the information about the slave KDC has been updated.
Before You Begin
You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .
kdc1 # /usr/sbin/kproplog -h
kdc2 # /usr/sbin/kproplog -h
The following is a sample of results from running the kproplog command on the master KDC server.
kdc1 # /usr/sbin/kproplog -h Kerberos update log (/var/krb5/principal.ulog) Update log dump: Log version #: 1 Log state: Stable Entry block size: 2048 Number of entries: 2500 First serial #: 137966 Last serial #: 140465 First time stamp: Wed Dec 4 00:59:27 2013 Last time stamp: Wed Dec 4 01:06:13 2013
The following is a sample of results from running the kproplog command on a slave KDC server.
kdc2 # /usr/sbin/kproplog -h Kerberos update log (/var/krb5/principal.ulog) Update log dump: Log version #: 1 Log state: Stable Entry block size: 2048 Number of entries: 0 First serial #: None Last serial #: 140465 First time stamp: None Last time stamp: Wed Dec 4 01:06:13 2013
Notice that the values for the last serial number and the last timestamp are identical, which indicates that the slave is synchronized with the master KDC server.
In the slave KDC server output, notice that no update entries exist in the slave KDC server's update log. No entries exist because the slave KDC server does not keep a set of updates, unlike the master KDC server. Also, the KDC slave server does not include information about the first serial number or the first timestamp because this is not relevant information.