1.\" $Id: hprop.8,v 1.10 2001/06/08 21:35:31 joda Exp $ 2.\" 3.Dd June 19, 2000 4.Dt HPROP 8 5.Os HEIMDAL 6.Sh NAME 7.Nm hprop 8.Nd propagate the KDC database 9.Sh SYNOPSIS 10.Nm 11.Oo Fl m Ar file \*(Ba Xo 12.Fl -master-key= Ns Pa file 13.Xc 14.Oc 15.Oo Fl d Ar file \*(Ba Xo 16.Fl -database= Ns Pa file 17.Xc 18.Oc 19.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump 20.Op Fl 4 | Fl -v4-db 21.Op Fl K | Fl -ka-db 22.Oo Fl c Ar cell \*(Ba Xo 23.Fl -cell= Ns Ar cell 24.Xc 25.Oc 26.Op Fl S | Fl -kaspecials 27.Oo Fl r Ar string \*(Ba Xo 28.Fl -v4-realm= Ns Ar string 29.Xc 30.Oc 31.Oo Fl k Ar keytab \*(Ba Xo 32.Fl -keytab= Ns Ar keytab 33.Xc 34.Oc 35.Oo Fl R Ar string \*(Ba Xo 36.Fl -v5-realm= Ns Ar string 37.Xc 38.Oc 39.Op Fl D | Fl -decrypt 40.Op Fl E | Fl -encrypt 41.Op Fl n | Fl -stdout 42.Op Fl v | Fl -verbose 43.Op Fl -version 44.Op Fl h | Fl -help 45.Ar host Ns Op : Ns Ar port 46.Ar ... 47.Sh DESCRIPTION 48.Nm 49takes a principal database in a specified format and converts it into 50a stream of Heimdal database records. This stream can either be 51written to standard out, or (more commonly) be propagated to a 52.Xr hpropd 8 53server running on a different machine. 54.Pp 55If propagating, it connects to all 56.Ar hosts 57specified on the command by opening a TCP connection to port 754 58(service hprop) and sends the database in encrypted form. 59.Pp 60Supported options: 61.Bl -tag -width Ds 62.It Xo 63.Fl m Ar file Ns , 64.Fl -master-key= Ns Pa file 65.Xc 66Where to find the master key to encrypt or decrypt keys with. 67.It Xo 68.Fl d Ar file Ns , 69.Fl -database= Ns Pa file 70.Xc 71The database to be propagated. 72.It Xo 73.Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump 74.Xc 75Specifies the type of the source database. Alternatives include: 76.Bl -tag -width krb4-dump 77.It heimdal 78a Heimdal database 79.It mit-dump 80a MIT Kerberos 5 dump file 81.It krb4-db 82a Kerberos 4 database 83.It krb4-dump 84a Kerberos 4 dump file 85.It kaserver 86a Transarc kaserver database 87.El 88.It Xo 89.Fl k Ar keytab Ns , 90.Fl -keytab= Ns Ar keytab 91.Xc 92The keytab to use for fetching the key to be used for authenticating 93to the propagation daemon(s). The key 94.Pa kadmin/hprop 95is used from this keytab. The default is to fetch the key from the 96KDC database. 97.It Xo 98.Fl R Ar string Ns , 99.Fl -v5-realm= Ns Ar string 100.Xc 101Local realm override. 102.It Xo 103.Fl D Ns , 104.Fl -decrypt 105.Xc 106The encryption keys in the database can either be in clear, or 107encrypted with a master key. This option thansmits the database with 108unencrypted keys. 109.It Xo 110.Fl E Ns , 111.Fl -encrypt 112.Xc 113This option thansmits the database with encrypted keys. 114.It Xo 115.Fl n Ns , 116.Fl -stdout 117.Xc 118Dump the database on stdout, in a format that can be fed to hpropd. 119.El 120.Pp 121The following options are only valid if 122.Nm hprop 123is compiled with support for Kerberos 4 (kaserver). 124.Bl -tag -width Ds 125.It Xo 126.Fl r Ar string Ns , 127.Fl -v4-realm= Ns Ar string 128.Xc 129v4 realm to use 130.It Xo 131.Fl c Ar cell Ns , 132.Fl -cell= Ns Ar cell 133.Xc 134The AFS cell name, used if reading a kaserver database. 135.It Xo 136.Fl S Ns , 137.Fl -kaspecials 138.Xc 139Also dump the principals marked as special in the kaserver database. 140.It Xo 141.Fl 4 Ns , 142.Fl -v4-db 143.Xc 144Deprecated, identical to 145.Sq --source=krb4-db . 146.It Xo 147.Fl K Ns , 148.Fl -ka-db 149.Xc 150Deprecated, identical to 151.Sq --source=kaserver . 152.El 153.Sh EXAMPLES 154The following will propagate a database to another machine (which 155should run 156.Xr hpropd 8): 157.Bd -literal -offset indent 158$ hprop slave-1 slave-2 159.Ed 160.Pp 161Copy a Kerberos 4 database to a Kerberos 5 slave: 162.Bd -literal -offset indent 163$ hprop --source=krb4-db -E krb5-slave 164.Ed 165.Pp 166Convert a Kerberos 4 dump-file for use with a Heimdal KDC: 167.Bd -literal -offset indent 168$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump -E | hpropd -n 169.Ed 170.Sh SEE ALSO 171.Xr hpropd 8 172