Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

kprop(8krb) [ultrix man page]

kprop(8krb)															       kprop(8krb)

       kprop - Kerberos utility

       /var/dss/kerberos/bin/kprop database slaves_file [ -force ] [ -safe | clear ]
       [-realm realm_name]

       The  daemon runs on a Kerberos master and propagates the Kerberos database to the Kerberos slaves, where it is received by the waiting dae-

       The first parameter, database, is the name of the file out of which data is extracted.  This file is not the  Kerberos  database,  See  the
       reference  page	for more information.  The database is a file created by the command.  It is an ASCII representation of the Kerberos data-
       base (see the reference page for

       The second parameter that must be supplied is slaves_file, the name of the file on the Kerberos master that lists the  Kerberos	slaves	to
       which propagates the Kerberos master database.  The is created in format.

       The Kerberos utility first determines whether the ASCII Kerberos database, database, was correctly dumped by It accomplishes this by deter-
       mining if database is older than the file created by during the operation.  If it is older, the dump did not succeed or	is  not  yet  fin-
       ished.	If  the dump did not complete successfully or has not yet completed, the master database is not transferred to any Kerberos slave.
       Otherwise, determines, for each slave server listed in the whether or not the database has changed since the last  successful  transfer	to
       the  slave.  It determines this for slave server by comparing the modification time of the file with the modification time of database.	If
       the file is newer, then the database, database, need not be transferred to Finally, propagates the database to those servers which  need  a
       new copy of the database and updates the modification time of the file for these slave servers.

       -safe  Specifies  that  the data sent over the network is guaranteed to be authenticated at the destination and protected against modifica-
	      tions in transit.  That is, and which are Kerberos principals, become Kerberos-authenticated to each other and send messages format-
	      ted by For more information about refer to the on-line reference page,

       -clear Specifies  that  all data should be sent in cleartext (unencrypted).  This switch is useful when first setting up the Kerberos envi-

       -realm Specifies the realm name that you are in.  If this option is not used, the realm_name is given in the file.  (See the reference page
	      for more information.)

       -force Forces  the on the Kerberos master to propagate the Kerberos database to the Kerberos slaves, even if there are no recent changes to
	      the database.  Without the force flag, the Kerberos database is not propagated if the database file has not changed since  the  last
	      successful transfer.

       The Kerberos utility does not support the transfer of encrypted data.

       See Also
	      kpropd(8krb), krb.conf(5krb), kdb_util(8krb), krb_slaves(5krb), krb_dbase(8krb)


Check Out this Related Man Page

kprop(1M)						  System Administration Commands						 kprop(1M)

kprop - Kerberos database propagation program SYNOPSIS
/usr/lib/krb5/kprop [-d] [-f file] [-p port-number] [-r realm] [-s keytab] [host] DESCRIPTION
kprop is a command-line utility used for propagating a Kerberos database from a master KDC to a slave KDC. This command must be run on the master KDC. See the Solaris System Administration Guide, Vol. 6 on how to set up periodic propagation between the master KDC and slave KDCs. To propagate a Kerberos database, the following conditions must be met: o The slave KDCs must have an /etc/krb5/kpropd.acl file that contains the principals for the master KDC and all the slave KDCs. o A keytab containing a host principal entry must exist on each slave KDC. o The database to be propagated must be dumped to a file using kdb5_util(1M). OPTIONS
The following options are supported: -d Enable debug mode. Default is debug mode disabled. -f file File to be sent to the slave KDC. Default is the /var/krb5/slave_datatrans file. -p port-number Propagate port-number. Default is port 754. -r realm Realm where propagation will occur. Default realm is the local realm. -s keytab Location of the keytab. Default location is /etc/krb5/krb5.keytab. OPERANDS
The following operands are supported: host Name of the slave KDC. EXAMPLES
Example 1: Propagating the Kerberos Database The following example propagates the Kerberos database from the /tmp/slave_data file to the slave KDC london. The machine london must have a host principal keytab entry and the kpropd.acl file must contain an entry for the all the KDCs. # kprop -f /tmp/slave_data london FILES
/etc/krb5/kpropd.acl List of principals of all the KDCs; resides on each slave KDC. /etc/krb5/krb5.keytab Keytab for Kerberos clients. /var/krb5/slave_datatrans Kerberos database propagated to the KDC slaves. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWkdcu | +-----------------------------+-----------------------------+ SEE ALSO
kpasswd(1), svcs(1), gkadmin(1M), inetadm(1M), inetd(1M), kadmind(1M), kadmin.local(1M), kdb5_util(1M), svcadm(1M), kadm5.acl(4), kdc.conf(4), attributes(5), smf(5), SEAM(5) System Administration Guide: Security Services NOTES
The kprop service is managed by the service management facility, smf(5), under the service identifier: svc:/network/security/krb5_prop:default Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). Responsibil- ity for initiating and restarting this service is delegated to inetd(1M). Use inetadm(1M) to make configuration changes and to view config- uration information for this service. The service's status can be queried using the svcs(1) command. SunOS 5.10 4 Nov 2004 kprop(1M)
Man Page