kpropd(1M)              System Administration Commands              kpropd(1M)

NAME

       kpropd - Kerberos propagation daemon for slave KDCs

SYNOPSIS

       /usr/lib/krb5/kpropd [-d] [-f temp_dbfile] [-F dbfile]
            [-p kdb_util] [-P port_number] [-r realm]
            [-s srv_tabfile] [-S] [-a acl_file]

DESCRIPTION

       The kpropd command runs on the slave KDC server. It listens for update
       requests made by kprop(1M) from the master KDC and periodically
       requests incremental updates from the master KDC.

       When the slave receives a kprop request from the master, kpropd copies
       principal data to a temporary text file. Next, kpropd invokes
       kdb5_util(1M) (unless a different database utility is selected) to load
       the text file in database format.

       When the slave periodically requests incremental updates, kpropd
       updates its principal.ulog file with any updates from the master.
       kproplog(1M) can be used to view a summary of the update entry log on
       the slave KDC.

       kpropd is not configured for incremental database propagation by
       default. These settings can be changed in the kdc.conf(4) file:

       sunw_dbprop_enable = [true | false]

           Enables or disables incremental database propagation. Default is
           false.

       sunw_dbprop_slave_poll = N[s, m, h]

           Specifies how often the slave KDC polls for any updates that the
           master might have. Default is 2m (two minutes).

       The kiprop/<hostname>@<REALM> principal must exist in the slave's
       keytab file to enable the master to authenticate incremental
       propagation requests from the slave. In this syntax, <hostname> is the
       slave KDC's host name and <REALM> is the realm in which the slave KDC
       resides.
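
       The following sh script is an added example, not part of the original
       manual page or of the Kerberos distribution. It checks the incremental
       propagation prerequisites described above against constructed sample
       files; the function names, the host kdc2.example.com, the realm
       EXAMPLE.COM, and the use of a saved keytab listing (for instance,
       klist -k output) are assumptions.

```shell
#!/bin/sh
# Added example: offline check of a slave KDC's incremental propagation
# prerequisites. Function names and sample data are hypothetical.

# Convert an N[s, m, h] poll interval to seconds; fail on anything else.
# Assumption: a bare number without a suffix is read as seconds.
poll_to_seconds() {
    n=${1%[smh]}
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
    n=$(echo "$n" | sed 's/^0*\([0-9]\)/\1/')   # strip leading zeros (octal)
    case "$1" in
        *h) echo $((n * 3600)) ;;
        *m) echo $((n * 60)) ;;
        *)  echo "$n" ;;
    esac
}

# Print the last value assigned to key $2 in kdc.conf-style file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -1
}

# Args: kdc.conf, keytab listing, slave hostname, REALM. Returns 0 only if
# propagation is enabled, the poll interval parses, and the kiprop
# principal is present. Defaults (false, 2m) are those stated above.
check_slave_iprop() {
    rc=0
    enable=$(conf_get "$1" sunw_dbprop_enable)
    [ "${enable:-false}" = true ] || { echo "FAIL: sunw_dbprop_enable=${enable:-false}"; rc=1; }
    poll=$(conf_get "$1" sunw_dbprop_slave_poll)
    secs=$(poll_to_seconds "${poll:-2m}") || { echo "FAIL: bad poll interval '$poll'"; rc=1; }
    grep -qF "kiprop/$3@$4" "$2" || { echo "FAIL: kiprop/$3@$4 not in keytab"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: enabled, polling every ${secs}s"
    return "$rc"
}

# Constructed sample inputs (not taken from a real system).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/kdc.conf" <<'EOF'
[realms]
    EXAMPLE.COM = {
        sunw_dbprop_enable = true
        sunw_dbprop_slave_poll = 5m
    }
EOF
cat > "$tmp/keytab.txt" <<'EOF'
   3 host/kdc2.example.com@EXAMPLE.COM
   3 kiprop/kdc2.example.com@EXAMPLE.COM
EOF
check_slave_iprop "$tmp/kdc.conf" "$tmp/keytab.txt" kdc2.example.com EXAMPLE.COM
```

       On a live slave, pass /etc/krb5/kdc.conf and a saved listing of the
       slave's keytab in place of the sample files.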

OPTIONS

       The following options are supported:

       -d                Enable debug mode. Default is debug mode disabled.

       -f temp_dbfile    The location of the slave's temporary principal
                         database file. Default is /var/krb5/from_master.

       -F dbfile         The location of the slave's principal database file.
                         Default is /var/krb5/principal.

       -p kdb_util       The location of the Kerberos database utility used
                         for loading principal databases. Default is
                         /usr/sbin/kdb5_util.

       -P port_number    Specifies the port number on which kpropd will
                         listen. Default is 754 (service name: krb5_prop).

       -r realm          Specifies from which Kerberos realm kpropd will
                         receive information. Default is specified in
                         /etc/krb5/krb5.conf.

       -s srv_tabfile    The location of the service table file used to
                         authenticate the kpropd daemon.

       -S                Run the daemon in standalone mode, instead of having
                         inetd listen for requests. Default is non-standalone
                         mode.

       -a acl_file       The location of the kpropd's access control list to
                         verify if this server can run the kpropd daemon. The
                         file contains a list of principal name(s) that will
                         be receiving updates. Default is
                         /etc/krb5/kpropd.acl.

FILES

       /var/krb5/principal         Kerberos principal database.

       /var/krb5/principal.ulog    The update log file.

       /etc/krb5/kdc.conf          KDC configuration information.

       /etc/krb5/kpropd.acl        List of principals of all the KDCs; resides
                                   on each slave KDC.

       /var/krb5/from_master       Temporary file used by kpropd before
                                   loading this to the principal database.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWkdcu                     │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Evolving                     │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       kdb5_util(1M), kprop(1M), kproplog(1M), kdc.conf(4), krb5.conf(4),
       attributes(5), kerberos(5)

NOTES

       The kprop service is managed by the service management facility,
       smf(5), under the service identifier:

         svc:/network/security/krb5_prop:default

       Administrative actions on this service, such as enabling, disabling, or
       requesting restart, can be performed using svcadm(1M). Responsibility
       for initiating and restarting this service is delegated to inetd(1M).
       Use inetadm(1M) to make configuration changes and to view configuration
       information for this service. The service's status can be queried using
       the svcs(1) command.

SunOS 5.11                        11 Jul 2005                       kpropd(1M)