I run a master and slave Kerberos servers, which requires setting up kprop to run regularly on the master server in order to transfer any changes to the slave server. The usually suggested way of doing this is a 2-line script (dump to file, propagate file across), which runs from /etc/crontab with the output directed to /dev/null.

I didn’t like this, because whilst I don’t want (obviously) to get the SUCCEEEDED message emailed to me every time it propagates successfully, I do want to know about it in the event of

failure. So I wrote this slightly improved script, which does just that.

#!/bin/sh

# Script to run automatic Kerberos dump & transfer to slave server


DUMPFILE=/etc/krb5kdc/slave_dump_file

RESULT=/etc/krb5kdc/slave_dump_result

SLAVE=server2.example.com

MAIL=sysadmin@example.com


/usr/sbin/kdb5_util dump $DUMPFILE

/usr/sbin/kprop -f $DUMPFILE $SLAVE > $RESULT


if grep -vq SUCCEEDED $RESULT ; then

        mail -s "Kerberos replication problem" $MAIL 


This goes in /etc/cron.hourly (if you wanted to run it more often you'd want to call it from /etc/crontab at whatever interval you prefer) and seems to work fine.


Original post by Juliet Kemp





Share and Enjoy:
	These icons link to social bookmarking sites where readers can share and discover new web pages.


    
	
  • Digg
    • 
	
  • del.icio.us
    • 
	
  • Netvouz
    • 
	
  • DZone
    • 
	
  • ThisNext
    • 
	
  • MisterWong
    • 
	
  • Wists
    •