'\" te .\" Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology. For copying and distribution information, please see the file kerberosv5/mit-sipb-copyright.h. .\" Portions Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] .TH kpropd 1M "11 Jul 2005" "SunOS 5.11" "System Administration Commands" .SH NAME kpropd \- Kerberos propagation daemon for slave KDCs .SH SYNOPSIS .LP .nf \fB/usr/lib/krb5/kpropd\fR [\fB-d\fR] [\fB-f\fR \fItemp_dbfile\fR] [\fB-F\fR \fIdbfile\fR] [\fB-p\fR \fIkdb_util\fR] [\fB-P\fR \fIport_number\fR] [\fB-r\fR \fIrealm\fR] [\fB-s\fR \fIsrv_tabfile\fR] [\fB-S\fR] [\fB-a\fR \fIacl_file\fR] .fi .SH DESCRIPTION .sp .LP The \fBkpropd\fR command runs on the slave KDC server. It listens for update requests made by \fBkprop\fR(1M) from the master KDC and periodically requests incremental updates from the master KDC. .sp .LP When the slave receives a kprop request from the master, \fBkpropd\fR copies principal data to a temporary text file. Next, \fBkpropd\fR invokes \fBkdb5_util\fR(1M) (unless a different database utility is selected) to load the text file in database format. .sp .LP When the slave periodically requests incremental updates, \fBkpropd\fR update its \fBprincipal.ulog\fR file with any updates from the master. \fBkproplog\fR(1M) can be used to view a summary of the update entry log on the slave KDC. .sp .LP kpropd is not configured for incremental database propagation by default. These settings can be changed in the \fBkdc.conf\fR(4) file: .sp .ne 2 .mk .na \fB\fBsunw_dbprop_enable = [true | false]\fR\fR .ad .sp .6 .RS 4n Enables or disables incremental database propagation. Default is \fBfalse\fR. .RE .sp .ne 2 .mk .na \fB\fBsunw_dbprop_slave_poll = N[s, m, h]\fR\fR .ad .sp .6 .RS 4n Specifies how often the slave KDC polls for any updates that the master might have. Default is \fB2m\fR (two minutes). .RE .sp .LP The \fBkiprop/\fI\fR@\fI\fR\fR principal must exist in the slave's \fBkeytab\fR file to enable the master to authenticate incremental propagation requests from the slave. In this syntax, \fI\fR is the slave KDC's host name and \fI\fR is the realm in which the slave KDC resides. .SH OPTIONS .sp .LP The following options are supported: .sp .ne 2 .mk .na \fB\fB-d\fR\fR .ad .RS 18n .rt Enable debug mode. Default is debug mode disabled. .RE .sp .ne 2 .mk .na \fB\fB-f\fR \fItemp_dbfile\fR\fR .ad .RS 18n .rt The location of the slave's temporary principal database file. Default is \fB/var/krb5/from_master\fR. .RE .sp .ne 2 .mk .na \fB\fB-F\fR \fIdbfile\fR\fR .ad .RS 18n .rt The location of the slave's principal database file. Default is \fB/var/krb5/principal\fR. .RE .sp .ne 2 .mk .na \fB\fB-p\fR \fIkdb_util\fR\fR .ad .RS 18n .rt The location of the Kerberos database utility used for loading principal databases. Default is \fB/usr/sbin/kdb5_util\fR. .RE .sp .ne 2 .mk .na \fB\fB-P\fR \fIport_number\fR\fR .ad .RS 18n .rt Specifies the port number on which \fBkpropd\fR will listen. Default is 754 (service name: \fBkrb5_prop\fR). .RE .sp .ne 2 .mk .na \fB\fB-r\fR \fIrealm\fR\fR .ad .RS 18n .rt Specifies from which Kerberos realm kpropd will receive information. Default is specified in \fB/etc/krb5/krb5.conf\fR. .RE .sp .ne 2 .mk .na \fB\fB-s\fR \fIsrv_tabfile\fR\fR .ad .RS 18n .rt The location of the service table file used to authenticate the \fBkpropd\fR daemon. .RE .sp .ne 2 .mk .na \fB\fB-S\fR\fR .ad .RS 18n .rt Run the daemon in standalone mode, instead of having \fBinetd\fR listen for requests. Default is non-standalone mode. .RE .sp .ne 2 .mk .na \fB\fB-a\fR \fIacl_file\fR\fR .ad .RS 18n .rt The location of the \fBkpropd\fR's access control list to verify if this server can run the \fBkpropd\fR daemon. The file contains a list of principal name(s) that will be receiving updates. Default is \fB/etc/krb5/kpropd.acl\fR. .RE .SH FILES .sp .ne 2 .mk .na \fB\fB/var/krb5/principal\fR\fR .ad .RS 28n .rt Kerberos principal database. .RE .sp .ne 2 .mk .na \fB\fB/var/krb5/principal.ulog\fR\fR .ad .RS 28n .rt The update log file. .RE .sp .ne 2 .mk .na \fB\fB/etc/krb5/kdc.conf\fR\fR .ad .RS 28n .rt KDC configuration information. .RE .sp .ne 2 .mk .na \fB\fB/etc/krb5/kpropd.acl\fR\fR .ad .RS 28n .rt List of principals of all the KDCs; resides on each slave KDC. .RE .sp .ne 2 .mk .na \fB\fB/var/krb5/from_master\fR\fR .ad .RS 28n .rt Temporary file used by kpropd before loading this to the principal database. .RE .SH ATTRIBUTES .sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp .sp .TS tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) . ATTRIBUTE TYPEATTRIBUTE VALUE _ Interface StabilityEvolving .TE .SH SEE ALSO .sp .LP \fBkdb5_util\fR(1M), \fBkprop\fR(1M), \fBkproplog\fR(1M), \fBkdc.conf\fR(4), \fBkrb5.conf\fR(4), \fBattributes\fR(5), \fBkerberos\fR(5) .SH NOTES .sp .LP The \fBkprop\fR service is managed by the service management facility, \fBsmf\fR(5), under the service identifier: .sp .in +2 .nf svc:/network/security/krb5_prop:default .fi .in -2 .sp .sp .LP Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using \fBsvcadm\fR(1M). Responsibility for initiating and restarting this service is delegated to \fBinetd\fR(1M). Use \fBinetadm\fR(1M) to make configuration changes and to view configuration information for this service. The service's status can be queried using the \fBsvcs\fR(1) command.