Improved kprop script

by Juliet Kemp

I run a master and slave Kerberos servers, which requires setting up kprop to run regularly on the master server in order to transfer any changes to the slave server. The usually suggested way of doing this is a 2-line script (dump to file, propagate file across), which runs from /etc/crontab with the output directed to /dev/null.

I didn't like this, because whilst I don't want (obviously) to get the SUCCEEEDED message emailed to me every time it propagates successfully, I do want to know about it in the event of failure. So I wrote this slightly improved script, which does just that.

#!/bin/sh
# Script to run automatic Kerberos dump & transfer to slave server

DUMPFILE=/etc/krb5kdc/slave_dump_file
RESULT=/etc/krb5kdc/slave_dump_result
SLAVE=server2.example.com
MAIL=sysadmin@example.com

/usr/sbin/kdb5_util dump $DUMPFILE
/usr/sbin/kprop -f $DUMPFILE $SLAVE > $RESULT

if grep -vq SUCCEEDED $RESULT ; then
        mail -s "Kerberos replication problem" $MAIL < $RESULT
fi

This goes in /etc/cron.hourly (if you wanted to run it more often you'd want to call it from /etc/crontab at whatever interval you prefer) and seems to work fine.


3 Comments

Félim Whiteley
2007-06-29 03:43:38
Thanks for the article, just a word on the RSS feed, seems thee is an error, maybe you could let someone know in O'Reilly I can't find a support mail address anyway ... sorry



Parse error: syntax error, unexpected '{', expecting ')' in /title/oreillynet/htdocs/blogs/linux/templates_c/%%7E^7E8^7E81FA2F%%mt%3A279.php on line 6

Juliet Kemp
2007-06-29 09:05:11
Thanks - I've reported it & hopefully it will get fixed!
Félim Whiteley
2007-07-03 00:55:50
Thanks, typically I found the mail address after that and fired them a mail too.. It's weird Konqueror didn't display it on the contacts page, but using Firefox did... oh well !