UNIX keytab file and service accounts

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to change passwords for User accounts on multiple UNIX/Linux machines remotely?

Hello Experts, Need some direction on creating shell script for following environment: We have about 20 people in the team working as Oracle DBA's (sysdba's and appdba's). Total Servers which is a mix of Unix and Linux are 200. We do not have Root user access on any of the servers and...

2. Shell Programming and Scripting

New To UNIX - Need Script to create report of user & group accounts

Hi, I'm new to the world of UNIX and have been asked to create a complex script (at least complex to me:confused:) for AIX UNIX to create a report of all the users on the server including server, user, UID, groups, GID, etc. Found a script using lsuser, but the output is still lacking. 2 things I...

3. Shell Programming and Scripting

script file which will automatically create accounts

How tocreate a script file which will automatically create accounts from a csv file

4. UNIX for Dummies Questions & Answers

System list of all UNIX login accounts

What is the command to list all UNIX system login accounts? What is the command to list all system password parameters for UNIX(minimum length, complexity,age, invalid lockout attempts, expiration date , user inactivity lockout)

5. UNIX for Dummies Questions & Answers

default unix accounts

Hi, Can someone tell me what the default unix accounts are? And what is the default unix admin pwd? Thanks!!

6. UNIX for Advanced & Expert Users

Clearing down old and dormant UNIX accounts

Hi Guys, First of all apologies if this is in the wrong topic. I have been given a task of coming up with an approach to identify unix accounts that are no longer in use by the user and applications, and need some ideas to of how to go about this. These accounts application accounts that...

7. Shell Programming and Scripting

Creating User Accounts from a list in file

I have a file that contains a list of names. I need a loop that creates user accounts to all the names in the list where username = names in file password = username Another question: how can i validate that a particular var is of 6 characters length I need an if statement that will...

8. Shell Programming and Scripting

Deleting some mails from Unix mail accounts

Hi there, Is there a way to delete some messages from the mail account on a Unix machine via a script?. Regards

LEARN ABOUT NETBSD

ipropd-slave

IPROP(8)						    BSD System Manager's Manual 						  IPROP(8)

NAME

     iprop, ipropd-master, ipropd-slave -- propagate changes to a Heimdal Kerberos master KDC to slave KDCs

SYNOPSIS

     ipropd-master [-c string | --config-file=string] [-r string | --realm=string] [-k kspec | --keytab=kspec] [-d file | --database=file]
		   [--slave-stats-file=file] [--time-missing=time] [--time-gone=time] [--detach] [--version] [--help]
     ipropd-slave [-c string | --config-file=string] [-r string | --realm=string] [-k kspec | --keytab=kspec] [--time-lost=time] [--detach]
		   [--version] [--help] master

DESCRIPTION

     ipropd-master is used to propagate changes to a Heimdal Kerberos database from the master Kerberos server on which it runs to slave Kerberos
     servers running ipropd-slave.

     The slaves are specified by the contents of the slaves file in the KDC's database directory, e.g. /var/heimdal/slaves.  This has principals
     one per-line of the form
	   iprop/slave@REALM
     where slave is the hostname of the slave server in the given REALM, e.g.
	   iprop/kerberos-1.example.com@EXAMPLE.COM
     On a slave, the argument master specifies the hostname of the master server from which to receive updates.

     In contrast to hprop(8), which sends the whole database to the slaves regularly, iprop normally sends only the changes as they happen on the
     master.  The master keeps track of all the changes by assigning a version number to every change to the database.	The slaves know which was
     the latest version they saw, and in this way it can be determined if they are in sync or not.  A log of all the changes is kept on the mas-
     ter.  When a slave is at an older version than the oldest one in the log, the whole database has to be sent.

     The changes are propagated over a secure channel (on port 2121 by default).  This should normally be defined as ``iprop/tcp'' in
     /etc/services or another source of the services database.	The master and slaves must each have access to a keytab with keys for the iprop
     service principal on the local host.

     There is a keep-alive feature logged in the master's slave-stats file (e.g. /var/heimdal/slave-stats).

     Supported options for ipropd-master:

     -c string, --config-file=string

     -r string, --realm=string

     -k kspec, --keytab=kspec
	     keytab to get authentication from

     -d file, --database=file
	     Database (default per KDC)

     --slave-stats-file=file
	     file for slave status information

     --time-missing=time
	     time before slave is polled for presence (default 2 min)

     --time-gone=time
	     time of inactivity after which a slave is considered gone (default 5 min)

     --detach
	     detach from console

     --version

     --help

     Supported options for ipropd-slave:

     -c string, --config-file=string

     -r string, --realm=string

     -k kspec, --keytab=kspec
	     keytab to get authentication from

     --time-lost=time
	     time before server is considered lost (default 5 min)

     --detach
	     detach from console

     --version

     --help
     Time arguments for the relevant options above may be specified in forms like 5 min, 300 s, or simply a number of seconds.

FILES

     slaves, slave-stats in the database directory.

SEE ALSO

     krb5.conf(5), hprop(8), hpropd(8), iprop-log(8), kdc(8).

BSD
								   May 24, 2005 							       BSD

UNIX for Advanced & Expert Users