ext_srvtab - extracts service key files.
/var/dss/kerberos/bin/ext_srvtab [-n] [hostname ...]
hostname Name of the service key file.
The utility extracts service key files from the Kerberos database. When you invoke the utility, it prompts you to enter the master key
string for the database. If the -n option is specified, ext_srvtab fetches the master key from the master key cache file, produced by
For each hostname that you specify in the command line, ext_srvtab creates the service key file hostname-new-srvtab. This file contains all
the entries in the Kerberos database with an instance field that matches hostname. In addition, the hostname-new-srvtab file contains all
the keys registered for Kerberos services that can run on the host specified in hostname.
Options-n Causes ext_srvtab utility to fetch the master key from the master key cache file.
FilesSee Alsokdb_edit(8krb), kdb_init(8krb), kdb_util(8krb), kdb_destroy(8krb)ext_srvtab(8krb)
Check Out this Related Man Page
kprop - Kerberos utility
/var/dss/kerberos/bin/kprop database slaves_file [ -force ] [ -safe | clear ]
The daemon runs on a Kerberos master and propagates the Kerberos database to the Kerberos slaves, where it is received by the waiting dae-
The first parameter, database, is the name of the file out of which data is extracted. This file is not the Kerberos database, See the
reference page for more information. The database is a file created by the command. It is an ASCII representation of the Kerberos data-
base (see the reference page for
The second parameter that must be supplied is slaves_file, the name of the file on the Kerberos master that lists the Kerberos slaves to
which propagates the Kerberos master database. The is created in format.
The Kerberos utility first determines whether the ASCII Kerberos database, database, was correctly dumped by It accomplishes this by deter-
mining if database is older than the file created by during the operation. If it is older, the dump did not succeed or is not yet fin-
ished. If the dump did not complete successfully or has not yet completed, the master database is not transferred to any Kerberos slave.
Otherwise, determines, for each slave server listed in the whether or not the database has changed since the last successful transfer to
the slave. It determines this for slave server by comparing the modification time of the file with the modification time of database. If
the file is newer, then the database, database, need not be transferred to Finally, propagates the database to those servers which need a
new copy of the database and updates the modification time of the file for these slave servers.
Options-safe Specifies that the data sent over the network is guaranteed to be authenticated at the destination and protected against modifica-
tions in transit. That is, and which are Kerberos principals, become Kerberos-authenticated to each other and send messages format-
ted by For more information about refer to the on-line reference page,
-clear Specifies that all data should be sent in cleartext (unencrypted). This switch is useful when first setting up the Kerberos envi-
-realm Specifies the realm name that you are in. If this option is not used, the realm_name is given in the file. (See the reference page
for more information.)
-force Forces the on the Kerberos master to propagate the Kerberos database to the Kerberos slaves, even if there are no recent changes to
the database. Without the force flag, the Kerberos database is not propagated if the database file has not changed since the last
The Kerberos utility does not support the transfer of encrypted data.
kpropd(8krb), krb.conf(5krb), kdb_util(8krb), krb_slaves(5krb), krb_dbase(8krb)kprop(8krb)