1kprop(1M) System Administration Commands kprop(1M)
2
3
4
6 kprop - Kerberos database propagation program
7
9 /usr/lib/krb5/kprop [-d] [-f file] [-p port-number]
10 [-r realm] [-s keytab] [host]
11
12
14 kprop is a command-line utility used for propagating a Kerberos data‐
15 base from a master KDC to a slave KDC. This command must be run on the
16 master KDC. See the Solaris System Administration Guide, Vol. 6 on how
17 to set up periodic propagation between the master KDC and slave KDCs.
18
19
20 To propagate a Kerberos database, the following conditions must be met:
21
22 o The slave KDCs must have an /etc/krb5/kpropd.acl file that
23 contains the principals for the master KDC and all the slave
24 KDCs.
25
26 o A keytab containing a host principal entry must exist on
27 each slave KDC.
28
29 o The database to be propagated must be dumped to a file using
30 kdb5_util(1M).
31
33 The following options are supported:
34
35 -d Enable debug mode. Default is debug mode disabled.
36
37
38 -f file File to be sent to the slave KDC. Default is the
39 /var/krb5/slave_datatrans file.
40
41
42 -p port-number Propagate port-number. Default is port 754.
43
44
45 -r realm Realm where propagation will occur. Default realm is
46 the local realm.
47
48
49 -s keytab Location of the keytab. Default location is
50 /etc/krb5/krb5.keytab.
51
52
54 The following operands are supported:
55
56 host Name of the slave KDC.
57
58
60 Example 1 Propagating the Kerberos Database
61
62
63 The following example propagates the Kerberos database from the
64 /tmp/slave_data file to the slave KDC london. The machine london must
65 have a host principal keytab entry and the kpropd.acl file must contain
66 an entry for the all the KDCs.
67
68
69 # kprop -f /tmp/slave_data london
70
71
72
74 /etc/krb5/kpropd.acl List of principals of all the KDCs;
75 resides on each slave KDC.
76
77
78 /etc/krb5/krb5.keytab Keytab for Kerberos clients.
79
80
81 /var/krb5/slave_datatrans Kerberos database propagated to the KDC
82 slaves.
83
84
86 See attributes(5) for descriptions of the following attributes:
87
88
89
90
91 ┌─────────────────────────────┬─────────────────────────────┐
92 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
93 ├─────────────────────────────┼─────────────────────────────┤
94 │Availability │SUNWkdcu │
95 └─────────────────────────────┴─────────────────────────────┘
96
98 kpasswd(1), svcs(1), gkadmin(1M), inetadm(1M), inetd(1M), kadmind(1M),
99 kadmin.local(1M), kdb5_util(1M), svcadm(1M), kadm5.acl(4), kdc.conf(4),
100 attributes(5), kerberos(5), smf(5)
101
102
103
104
105
106
107SunOS 5.11 14 Nov 2005 kprop(1M)