KPROP(8) MIT Kerberos KPROP(8)NAME
kprop - propagate a Kerberos V5 principal database to a slave server
SYNOPSIS
kprop [-r realm] [-f file] [-d] [-P port] [-s keytab] slave_host
DESCRIPTION
kprop is used to securely propagate a Kerberos V5 database dump file from the master Kerberos server to a slave Kerberos server, which is
specified by slave_host. The dump file must be created by kdb5_util(8).
OPTIONS -r realm
Specifies the realm of the master server.
-f file
Specifies the filename where the dumped principal database file is to be found; by default the dumped database file is normally
/var/kerberos/krb5kdc/slave_datatrans.
-P port
Specifies the port to use to contact the kpropd(8) server on the remote host.
-d Prints debugging information.
-s keytab
Specifies the location of the keytab file.
ENVIRONMENT
kprop uses the following environment variable:
o KRB5_CONFIG
SEE ALSO kpropd(8), kdb5_util(8), krb5kdc(8)AUTHOR
MIT
COPYRIGHT
1985-2013, MIT
1.11.3KPROP(8)
Check Out this Related Man Page
KPROPD(8) System Manager's Manual KPROPD(8)NAME
kpropd - Kerberos V5 slave KDC update server
SYNOPSIS
kprop [ -r realm ] [ -f slave_dumpfile ] [ -F principal_database ] [ -p kdb5_util_prog ] [ -d ] [ -S ] [ -P port ]
DESCRIPTION
kpropd is the server which accepts connections from the kprop(8) program. kpropd accepts the dumped KDC database and places it in a file,
and then runs kdb5_util(8) to load the dumped database into the active database which is used by krb5kdc(8). Thus, the master Kerberos
server can use kprop(8) to propagate its database to the slave slavers. Upon a successful download of the KDC database file, the slave
Kerberos server will have an up-to-date KDC database.
Normally, kpropd is invoked out of inetd(8). This is done by adding a line to the inetd.conf file which looks like this:
kprop stream tcp nowait root /usr/kerberos/sbin/kpropd kpropd
However, kpropd can also run as a standalone deamon, if the -S option is turned on. This is done for debugging purposes, or if for some
reason the system administrator just doesn't want to run it out of inetd(8).
OPTIONS -r realm
specifies the realm of the master server; by default the realm returned by krb5_default_local_realm(3) is used.
-f file
specifies the filename where the dumped principal database file is to be stored; by default the dumped database file is
KPROPD_DEFAULT_FILE (normally /var/kerberos/from_master).
-p allows the user to specify the pathname to the kdb5_util(8) program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL (nor-
mally /usr/kerberos/sbin/kdb5_util).
-S turn on standalone mode. Normally, kpropd is invoked out of inetd(8) so it expects a network connection to be passed to it from
inetd (8). If the -S option is specified, kpropd will put itself into the background, and wait for connections to the KPROP_SERVICE
port (normally krb5_prop).
-d turn on debug mode. In this mode, if the -S option is selected, kpropd will not detach itself from the current job and run in the
background. Instead, it will run in the foreground and print out debugging messages during the database propagation.
-P allow for an alternate port number for kpropd to listen on. This is only useful if the program is run in standalone mode.
FILES
kpropd.acl Access file for kpropd. Each entry is a line containing the principal of a host from which the local machine will allow Ker-
beros database propagation via kprop.
SEE ALSO kprop(8), kdb5_util(8), krb5kdc(8), inetd(8)KPROPD(8)