kpropd - Kerberos V5 slave KDC update server
kprop [ -r realm ] [ -f slave_dumpfile ] [ -F principal_database ] [ -p kdb5_util_prog ] [
-d ] [ -S ] [ -P port ]
kpropd is the server which accepts connections from the kprop(8) program. kpropd accepts
the dumped KDC database and places it in a file, and then runs kdb5_util(8) to load the
dumped database into the active database which is used by krb5kdc(8). Thus, the master
Kerberos server can use kprop(8) to propagate its database to the slave slavers. Upon a
successful download of the KDC database file, the slave Kerberos server will have an up-
to-date KDC database.
Normally, kpropd is invoked out of inetd(8). This is done by adding a line to the
inetd.conf file which looks like this:
kprop stream tcp nowait root /usr/kerberos/sbin/kpropd kpropd
However, kpropd can also run as a standalone deamon, if the -S option is turned on. This
is done for debugging purposes, or if for some reason the system administrator just
doesn't want to run it out of inetd(8).
specifies the realm of the master server; by default the realm returned by
krb5_default_local_realm(3) is used.
specifies the filename where the dumped principal database file is to be stored; by
default the dumped database file is KPROPD_DEFAULT_FILE (normally /var/ker-
-p allows the user to specify the pathname to the kdb5_util(8) program; by default the
pathname used is KPROPD_DEFAULT_KDB5_UTIL (normally /usr/kerberos/sbin/kdb5_util).
-S turn on standalone mode. Normally, kpropd is invoked out of inetd(8) so it expects
a network connection to be passed to it from inetd (8). If the -S option is speci-
fied, kpropd will put itself into the background, and wait for connections to the
KPROP_SERVICE port (normally krb5_prop).
-d turn on debug mode. In this mode, if the -S option is selected, kpropd will not
detach itself from the current job and run in the background. Instead, it will run
in the foreground and print out debugging messages during the database propagation.
-P allow for an alternate port number for kpropd to listen on. This is only useful if
the program is run in standalone mode.
kpropd.acl Access file for kpropd. Each entry is a line containing the principal of a
host from which the local machine will allow Kerberos database propagation via
kprop(8), kdb5_util(8), krb5kdc(8), inetd(8)