1kprop(1M)               System Administration Commands               kprop(1M)
2
3
4

NAME

6       kprop - Kerberos database propagation program
7

SYNOPSIS

9       /usr/lib/krb5/kprop [-d] [-f file] [-p port-number]
10            [-r realm] [-s keytab] [host]
11
12

DESCRIPTION

14       kprop  is  a command-line utility used for propagating a Kerberos data‐
15       base from a master KDC to a slave KDC. This command must be run on  the
16       master  KDC. See the Solaris System Administration Guide, Vol. 6 on how
17       to set up periodic propagation between the master KDC and slave KDCs.
18
19
20       To propagate a Kerberos database, the following conditions must be met:
21
22           o      The slave KDCs must have an /etc/krb5/kpropd.acl  file  that
23                  contains the principals for the master KDC and all the slave
24                  KDCs.
25
26           o      A keytab containing a host principal  entry  must  exist  on
27                  each slave KDC.
28
29           o      The database to be propagated must be dumped to a file using
30                  kdb5_util(1M).
31

OPTIONS

33       The following options are supported:
34
35       -d                Enable debug mode. Default is debug mode disabled.
36
37
38       -f file           File to be sent to the  slave  KDC.  Default  is  the
39                         /var/krb5/slave_datatrans file.
40
41
42       -p port-number    Propagate port-number. Default is port 754.
43
44
45       -r realm          Realm  where propagation will occur. Default realm is
46                         the local realm.
47
48
49       -s keytab         Location  of  the   keytab.   Default   location   is
50                         /etc/krb5/krb5.keytab.
51
52

OPERANDS

54       The following operands are supported:
55
56       host    Name of the slave KDC.
57
58

EXAMPLES

60       Example 1 Propagating the Kerberos Database
61
62
63       The  following  example  propagates  the  Kerberos  database  from  the
64       /tmp/slave_data file to the slave KDC london. The machine  london  must
65       have a host principal keytab entry and the kpropd.acl file must contain
66       an entry for the all the KDCs.
67
68
69         # kprop -f /tmp/slave_data london
70
71
72

FILES

74       /etc/krb5/kpropd.acl         List  of  principals  of  all  the   KDCs;
75                                    resides on each slave KDC.
76
77
78       /etc/krb5/krb5.keytab        Keytab for Kerberos clients.
79
80
81       /var/krb5/slave_datatrans    Kerberos  database  propagated  to the KDC
82                                    slaves.
83
84

ATTRIBUTES

86       See attributes(5) for descriptions of the following attributes:
87
88
89
90
91       ┌─────────────────────────────┬─────────────────────────────┐
92       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
93       ├─────────────────────────────┼─────────────────────────────┤
94       │Availability                 │SUNWkdcu                     │
95       └─────────────────────────────┴─────────────────────────────┘
96

SEE ALSO

98       kpasswd(1), svcs(1), gkadmin(1M), inetadm(1M), inetd(1M),  kadmind(1M),
99       kadmin.local(1M), kdb5_util(1M), svcadm(1M), kadm5.acl(4), kdc.conf(4),
100       attributes(5), kerberos(5), smf(5)
101
102
103
104
105
106
107SunOS 5.11                        14 Nov 2005                        kprop(1M)
Impressum