KPROP(8) System Manager's Manual KPROP(8)NAME
kprop - propagate a Kerberos V5 principal database to a slave server
SYNOPSIS
kprop [-r realm] [-f file] [-d] [-P port] [-s keytab] slave_host
DESCRIPTION
kprop is used to propagate a Kerberos V5 database dump file from the master Kerberos server to a slave Kerberos server, which is specfied
by slave_host. This is done by transmitting the dumped database file to the slave server over an encrypted, secure channel. The dump file
must be created by kdb5_util, and is normally KPROP_DEFAULT_FILE (/var/kerberos/krb5kdc/slave_datatrans).
OPTIONS -r realm
specifies the realm of the master server; by default the realm returned by krb5_default_local_realm(3) is used.
-f file
specifies the filename where the dumped principal database file is to be found; by default the dumped database file is
KPROP_DEFAULT_FILE (normally /var/kerberos/slave_datatrans).
-P port
specifies the port to use to contact the kpropd server on the remote host.
-d prints debugging information.
-s keytab
specifies the location of the keytab file.
SEE ALSO kpropd(8), kdb5_util(8), krb5kdc(8)KPROP(8)
Check Out this Related Man Page
kprop(1M) System Administration Commands kprop(1M)NAME
kprop - Kerberos database propagation program
SYNOPSIS
/usr/lib/krb5/kprop [-d] [-f file] [-p port-number]
[-r realm] [-s keytab] [host]
DESCRIPTION
kprop is a command-line utility used for propagating a Kerberos database from a master KDC to a slave KDC. This command must be run on the
master KDC. See the Solaris System Administration Guide, Vol. 6 on how to set up periodic propagation between the master KDC and slave
KDCs.
To propagate a Kerberos database, the following conditions must be met:
o The slave KDCs must have an /etc/krb5/kpropd.acl file that contains the principals for the master KDC and all the slave KDCs.
o A keytab containing a host principal entry must exist on each slave KDC.
o The database to be propagated must be dumped to a file using kdb5_util(1M).
OPTIONS
The following options are supported:
-d Enable debug mode. Default is debug mode disabled.
-f file File to be sent to the slave KDC. Default is the /var/krb5/slave_datatrans file.
-p port-number Propagate port-number. Default is port 754.
-r realm Realm where propagation will occur. Default realm is the local realm.
-s keytab Location of the keytab. Default location is /etc/krb5/krb5.keytab.
OPERANDS
The following operands are supported:
host Name of the slave KDC.
EXAMPLES
Example 1 Propagating the Kerberos Database
The following example propagates the Kerberos database from the /tmp/slave_data file to the slave KDC london. The machine london must have
a host principal keytab entry and the kpropd.acl file must contain an entry for the all the KDCs.
# kprop -f /tmp/slave_data london
FILES
/etc/krb5/kpropd.acl List of principals of all the KDCs; resides on each slave KDC.
/etc/krb5/krb5.keytab Keytab for Kerberos clients.
/var/krb5/slave_datatrans Kerberos database propagated to the KDC slaves.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWkdcu |
+-----------------------------+-----------------------------+
SEE ALSO kpasswd(1), svcs(1), gkadmin(1M), inetadm(1M), inetd(1M), kadmind(1M), kadmin.local(1M), kdb5_util(1M), svcadm(1M), kadm5.acl(4),
kdc.conf(4), attributes(5), kerberos(5), smf(5)SunOS 5.11 14 Nov 2005 kprop(1M)