1*ae771770SStanislav Sedov.\" Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan 2bbd80c28SJacques Vidrine.\" (Royal Institute of Technology, Stockholm, Sweden). 3bbd80c28SJacques Vidrine.\" All rights reserved. 4bbd80c28SJacques Vidrine.\" 5bbd80c28SJacques Vidrine.\" Redistribution and use in source and binary forms, with or without 6bbd80c28SJacques Vidrine.\" modification, are permitted provided that the following conditions 7bbd80c28SJacques Vidrine.\" are met: 8bbd80c28SJacques Vidrine.\" 9bbd80c28SJacques Vidrine.\" 1. Redistributions of source code must retain the above copyright 10bbd80c28SJacques Vidrine.\" notice, this list of conditions and the following disclaimer. 11bbd80c28SJacques Vidrine.\" 12bbd80c28SJacques Vidrine.\" 2. Redistributions in binary form must reproduce the above copyright 13bbd80c28SJacques Vidrine.\" notice, this list of conditions and the following disclaimer in the 14bbd80c28SJacques Vidrine.\" documentation and/or other materials provided with the distribution. 15bbd80c28SJacques Vidrine.\" 16bbd80c28SJacques Vidrine.\" 3. Neither the name of the Institute nor the names of its contributors 17bbd80c28SJacques Vidrine.\" may be used to endorse or promote products derived from this software 18bbd80c28SJacques Vidrine.\" without specific prior written permission. 19bbd80c28SJacques Vidrine.\" 20bbd80c28SJacques Vidrine.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 21bbd80c28SJacques Vidrine.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22bbd80c28SJacques Vidrine.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23bbd80c28SJacques Vidrine.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 24bbd80c28SJacques Vidrine.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25bbd80c28SJacques Vidrine.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26bbd80c28SJacques Vidrine.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27bbd80c28SJacques Vidrine.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28bbd80c28SJacques Vidrine.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29bbd80c28SJacques Vidrine.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30bbd80c28SJacques Vidrine.\" SUCH DAMAGE. 31bbd80c28SJacques Vidrine.\" 32*ae771770SStanislav Sedov.\" $Id$ 33b528cefcSMark Murray.\" 34c19800e8SDoug Rabson.Dd December 8, 2004 35b528cefcSMark Murray.Dt HPROP 8 36b528cefcSMark Murray.Os HEIMDAL 37b528cefcSMark Murray.Sh NAME 38b528cefcSMark Murray.Nm hprop 3945524cd7SAssar Westerlund.Nd propagate the KDC database 40b528cefcSMark Murray.Sh SYNOPSIS 41b528cefcSMark Murray.Nm 42c19800e8SDoug Rabson.Bk -words 435e9cd1aeSAssar Westerlund.Oo Fl m Ar file \*(Ba Xo 44*ae771770SStanislav Sedov.Fl Fl master-key= Ns Pa file 455e9cd1aeSAssar Westerlund.Xc 46adb0ddaeSAssar Westerlund.Oc 475e9cd1aeSAssar Westerlund.Oo Fl d Ar file \*(Ba Xo 48*ae771770SStanislav Sedov.Fl Fl database= Ns Pa file 495e9cd1aeSAssar Westerlund.Xc 50adb0ddaeSAssar Westerlund.Oc 51*ae771770SStanislav Sedov.Op Fl Fl source= Ns Ar heimdal|mit-dump 524137ff4cSJacques Vidrine.Oo Fl r Ar string \*(Ba Xo 53*ae771770SStanislav Sedov.Fl Fl v4-realm= Ns Ar string 544137ff4cSJacques Vidrine.Xc 554137ff4cSJacques Vidrine.Oc 565e9cd1aeSAssar Westerlund.Oo Fl c Ar cell \*(Ba Xo 57*ae771770SStanislav Sedov.Fl Fl cell= Ns Ar cell 585e9cd1aeSAssar Westerlund.Xc 59adb0ddaeSAssar Westerlund.Oc 605e9cd1aeSAssar Westerlund.Oo Fl k Ar keytab \*(Ba Xo 61*ae771770SStanislav Sedov.Fl Fl keytab= Ns Ar keytab 625e9cd1aeSAssar Westerlund.Xc 63adb0ddaeSAssar Westerlund.Oc 645e9cd1aeSAssar Westerlund.Oo Fl R Ar string \*(Ba Xo 65*ae771770SStanislav Sedov.Fl Fl v5-realm= Ns Ar string 665e9cd1aeSAssar Westerlund.Xc 67adb0ddaeSAssar Westerlund.Oc 68*ae771770SStanislav Sedov.Op Fl D | Fl Fl decrypt 69*ae771770SStanislav Sedov.Op Fl E | Fl Fl encrypt 70*ae771770SStanislav Sedov.Op Fl n | Fl Fl stdout 71*ae771770SStanislav Sedov.Op Fl v | Fl Fl verbose 72*ae771770SStanislav Sedov.Op Fl Fl version 73*ae771770SStanislav Sedov.Op Fl h | Fl Fl help 744137ff4cSJacques Vidrine.Op Ar host Ns Op : Ns Ar port 7545524cd7SAssar Westerlund.Ar ... 76c19800e8SDoug Rabson.Ek 77b528cefcSMark Murray.Sh DESCRIPTION 78b528cefcSMark Murray.Nm 795e9cd1aeSAssar Westerlundtakes a principal database in a specified format and converts it into 805e9cd1aeSAssar Westerlunda stream of Heimdal database records. This stream can either be 815e9cd1aeSAssar Westerlundwritten to standard out, or (more commonly) be propagated to a 825e9cd1aeSAssar Westerlund.Xr hpropd 8 835e9cd1aeSAssar Westerlundserver running on a different machine. 845e9cd1aeSAssar Westerlund.Pp 855e9cd1aeSAssar WesterlundIf propagating, it connects to all 86b528cefcSMark Murray.Ar hosts 87b528cefcSMark Murrayspecified on the command by opening a TCP connection to port 754 88b528cefcSMark Murray(service hprop) and sends the database in encrypted form. 89b528cefcSMark Murray.Pp 905e9cd1aeSAssar WesterlundSupported options: 91b528cefcSMark Murray.Bl -tag -width Ds 92*ae771770SStanislav Sedov.It Fl m Ar file , Fl Fl master-key= Ns Pa file 935e9cd1aeSAssar WesterlundWhere to find the master key to encrypt or decrypt keys with. 94*ae771770SStanislav Sedov.It Fl d Ar file , Fl Fl database= Ns Pa file 95b528cefcSMark MurrayThe database to be propagated. 96*ae771770SStanislav Sedov.It Fl Fl source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver 975e9cd1aeSAssar WesterlundSpecifies the type of the source database. Alternatives include: 988373020dSJacques Vidrine.Pp 99*ae771770SStanislav Sedov.Bl -tag -width mit-dump -compact -offset indent 1005e9cd1aeSAssar Westerlund.It heimdal 1015e9cd1aeSAssar Westerlunda Heimdal database 1025e9cd1aeSAssar Westerlund.It mit-dump 1035e9cd1aeSAssar Westerlunda MIT Kerberos 5 dump file 1045e9cd1aeSAssar Westerlund.El 105*ae771770SStanislav Sedov+.It Fl k Ar keytab , Fl Fl keytab= Ns Ar keytab 106b528cefcSMark MurrayThe keytab to use for fetching the key to be used for authenticating 107b528cefcSMark Murrayto the propagation daemon(s). The key 108*ae771770SStanislav Sedov.Pa hprop/hostname 1095e9cd1aeSAssar Westerlundis used from this keytab. The default is to fetch the key from the 1105e9cd1aeSAssar WesterlundKDC database. 111*ae771770SStanislav Sedov.It Fl R Ar string , Fl Fl v5-realm= Ns Ar string 1125e9cd1aeSAssar WesterlundLocal realm override. 113*ae771770SStanislav Sedov.It Fl D , Fl Fl decrypt 1145e9cd1aeSAssar WesterlundThe encryption keys in the database can either be in clear, or 1154137ff4cSJacques Vidrineencrypted with a master key. This option transmits the database with 1165e9cd1aeSAssar Westerlundunencrypted keys. 117*ae771770SStanislav Sedov.It Fl E , Fl Fl encrypt 1184137ff4cSJacques VidrineThis option transmits the database with encrypted keys. 119*ae771770SStanislav Sedov.It Fl n , Fl Fl stdout 120b528cefcSMark MurrayDump the database on stdout, in a format that can be fed to hpropd. 121b528cefcSMark Murray.El 1225e9cd1aeSAssar Westerlund.Sh EXAMPLES 1235e9cd1aeSAssar WesterlundThe following will propagate a database to another machine (which 1245e9cd1aeSAssar Westerlundshould run 1255e9cd1aeSAssar Westerlund.Xr hpropd 8 ) : 1265e9cd1aeSAssar Westerlund.Bd -literal -offset indent 1275e9cd1aeSAssar Westerlund$ hprop slave-1 slave-2 1285e9cd1aeSAssar Westerlund.Ed 129b528cefcSMark Murray.Sh SEE ALSO 130b528cefcSMark Murray.Xr hpropd 8 131