kpropd(1M)              System Administration Commands              kpropd(1M)

kpropd - Kerberos propagation daemon for slave KDCs

/usr/lib/krb5/kpropd [-d] [-f temp_dbfile] [-F dbfile]
    [-p kdb_util] [-P port_number] [-r realm]
    [-s srv_tabfile] [-S] [-a acl_file]

The kpropd command runs on the slave KDC server. It listens for update
requests made by kprop(1M) from the master KDC and periodically
requests incremental updates from the master KDC.

When the slave receives a kprop request from the master, kpropd copies
principal data to a temporary text file. Next, kpropd invokes
kdb5_util(1M) (unless a different database utility is selected) to load
the text file in database format.

When the slave periodically requests incremental updates, kpropd updates
its principal.ulog file with any updates from the master. kproplog(1M)
can be used to view a summary of the update entry log on the slave KDC.

kpropd is not configured for incremental database propagation by
default. These settings can be changed in the kdc.conf(4) file:

sunw_dbprop_enable = [true | false]

    Enables or disables incremental database propagation. Default is
    false.

sunw_dbprop_slave_poll = N[s, m, h]

    Specifies how often the slave KDC polls for any updates that the
    master might have. Default is 2m (two minutes).

The kiprop/<hostname>@<REALM> principal must exist in the slave's
keytab file to enable the master to authenticate incremental propagation
requests from the slave. In this syntax, <hostname> is the slave
KDC's host name and <REALM> is the realm in which the slave KDC
resides.
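
An added example, not part of the original man page or of the Kerberos code it describes: a shell audit that reads the two kdc.conf settings above, applies their documented defaults, and checks a saved `klist -k` listing for the kiprop principal. The function names, host, realm, file contents, the treatment of a bare N as seconds, and the flat (realm-agnostic) parsing of kdc.conf are assumptions made for the example.

```shell
# Added example, not from the man page. Host, realm and file contents are constructed.

# kdc_conf_get FILE KEY DEFAULT: last value assigned to KEY, else DEFAULT.
kdc_conf_get() {
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# poll_seconds N[s|m|h]: seconds; a bare N is assumed (not stated on the page) to be seconds.
poll_seconds() {
    n=${1%[smh]}
    case $n in ''|*[!0-9]*) return 1 ;; esac
    case $1 in
        *m) echo $((n * 60)) ;;
        *h) echo $((n * 3600)) ;;
        *)  echo "$n" ;;
    esac
}

# audit_slave KDC_CONF HOST REALM KLIST_OUTPUT
# KLIST_OUTPUT: saved `klist -k` listing of the slave's keytab (principal in last column).
audit_slave() {
    if [ "$(kdc_conf_get "$1" sunw_dbprop_enable false)" != true ]; then
        echo "incremental propagation disabled"; return 0
    fi
    poll=$(kdc_conf_get "$1" sunw_dbprop_slave_poll 2m)
    secs=$(poll_seconds "$poll") || { echo "bad poll interval: $poll"; return 2; }
    princ="kiprop/$2@$3"
    if awk -v p="$princ" '$NF == p { found = 1 } END { exit !found }' "$4"; then
        echo "ok: poll=${secs}s principal=$princ"
    else
        echo "missing keytab entry: $princ"; return 1
    fi
}

# Constructed sample input.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/kdc.conf" <<'EOF'
[realms]
    EXAMPLE.COM = {
        sunw_dbprop_enable = true
        sunw_dbprop_slave_poll = 5m
    }
EOF
cat > "$tmp/klist.txt" <<'EOF'
   3 host/kdc2.example.com@EXAMPLE.COM
   3 kiprop/kdc2.example.com@EXAMPLE.COM
EOF
audit_slave "$tmp/kdc.conf" kdc2.example.com EXAMPLE.COM "$tmp/klist.txt"
```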

The following options are supported:

-d              Enable debug mode. Default is debug mode disabled.

-f temp_dbfile  The location of the slave's temporary principal database
                file. Default is /var/krb5/from_master.

-F dbfile       The location of the slave's principal database file.
                Default is /var/krb5/principal.

-p kdb_util     The location of the Kerberos database utility used
                for loading principal databases. Default is
                /usr/sbin/kdb5_util.

-P port_number  Specifies the port number on which kpropd will listen.
                Default is 754 (service name: krb5_prop).

-r realm        Specifies from which Kerberos realm kpropd will
                receive information. Default is specified in
                /etc/krb5/krb5.conf.

-s srv_tabfile  The location of the service table file used to
                authenticate the kpropd daemon.

-S              Run the daemon in standalone mode, instead of having
                inetd listen for requests. Default is non-standalone
                mode.

-a acl_file     The location of the kpropd's access control list to
                verify if this server can run the kpropd daemon. The
                file contains a list of principal name(s) that will
                be receiving updates. Default is
                /etc/krb5/kpropd.acl.

/var/krb5/principal       Kerberos principal database.

/var/krb5/principal.ulog  The update log file.

/etc/krb5/kdc.conf        KDC configuration information.

/etc/krb5/kpropd.acl      List of principals of all the KDCs; resides
                          on each slave KDC.

/var/krb5/from_master     Temporary file used by kpropd before loading
                          this to the principal database.

See attributes(5) for descriptions of the following attributes:

┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE              │ ATTRIBUTE VALUE             │
├─────────────────────────────┼─────────────────────────────┤
│ Availability                │ SUNWkdcu                    │
├─────────────────────────────┼─────────────────────────────┤
│ Interface Stability         │ Evolving                    │
└─────────────────────────────┴─────────────────────────────┘

kdb5_util(1M), kprop(1M), kproplog(1M), kdc.conf(4), krb5.conf(4),
attributes(5), kerberos(5)

The kprop service is managed by the service management facility,
smf(5), under the service identifier:

    svc:/network/security/krb5_prop:default

Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(1M). Responsibility
for initiating and restarting this service is delegated to inetd(1M).
Use inetadm(1M) to make configuration changes and to view configuration
information for this service. The service's status can be queried using
the svcs(1) command.

SunOS 5.11                     11 Jul 2005                     kpropd(1M)