1.\" $Id: hprop.8,v 1.8 2001/01/30 04:18:41 assar Exp $ 2.\" 3.Dd June 19, 2000 4.Dt HPROP 8 5.Os HEIMDAL 6.Sh NAME 7.Nm hprop 8.Nd 9propagate the KDC database 10.Sh SYNOPSIS 11.Nm 12.Oo Fl m Ar file \*(Ba Xo 13.Fl -master-key= Ns Pa file Oc 14.Xc 15.Oo Fl d Ar file \*(Ba Xo 16.Fl -database= Ns Pa file Oc 17.Xc 18.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump 19.Op Fl 4 | Fl -v4-db 20.Op Fl K | Fl -ka-db 21.Oo Fl c Ar cell \*(Ba Xo 22.Fl -cell= Ns Ar cell Oc 23.Xc 24.Op Fl S | Fl -kaspecials 25.Oo Fl r Ar string \*(Ba Xo 26.Fl -v4-realm= Ns Ar string Oc 27.Xc 28.Oo Fl k Ar keytab \*(Ba Xo 29.Fl -keytab= Ns Ar keytab Oc 30.Xc 31.Oo Fl R Ar string \*(Ba Xo 32.Fl -v5-realm= Ns Ar string Oc 33.Xc 34.Op Fl D | Fl -decrypt 35.Op Fl E | Fl -encrypt 36.Op Fl n | Fl -stdout 37.Op Fl v | Fl -verbose 38.Op Fl -version 39.Op Fl h | Fl -help 40.Ar host Ns Op :port 41... 42.Sh DESCRIPTION 43.Nm 44takes a principal database in a specified format and converts it into 45a stream of Heimdal database records. This stream can either be 46written to standard out, or (more commonly) be propagated to a 47.Xr hpropd 8 48server running on a different machine. 49.Pp 50If propagating, it connects to all 51.Ar hosts 52specified on the command by opening a TCP connection to port 754 53(service hprop) and sends the database in encrypted form. 54.Pp 55Supported options: 56.Bl -tag -width Ds 57.It Xo 58.Fl m Ar file Ns , 59.Fl -master-key= Ns Pa file 60.Xc 61Where to find the master key to encrypt or decrypt keys with. 62.It Xo 63.Fl d Ar file Ns , 64.Fl -database= Ns Pa file 65.Xc 66The database to be propagated. 67.It Xo 68.Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump 69.Xc 70Specifies the type of the source database. Alternatives include: 71.Bl -tag -width krb4-dump 72.It heimdal 73a Heimdal database 74.It mit-dump 75a MIT Kerberos 5 dump file 76.It krb4-db 77a Kerberos 4 database 78.It krb4-dump 79a Kerberos 4 dump file 80.It kaserver 81a Transarc kaserver database 82.El 83.It Xo 84.Fl k Ar keytab Ns , 85.Fl -keytab= Ns Ar keytab 86.Xc 87The keytab to use for fetching the key to be used for authenticating 88to the propagation daemon(s). The key 89.Pa kadmin/hprop 90is used from this keytab. The default is to fetch the key from the 91KDC database. 92.It Xo 93.Fl R Ar string Ns , 94.Fl -v5-realm= Ns Ar string 95.Xc 96Local realm override. 97.It Xo 98.Fl D Ns , 99.Fl -decrypt 100.Xc 101The encryption keys in the database can either be in clear, or 102encrypted with a master key. This option thansmits the database with 103unencrypted keys. 104.It Xo 105.Fl E Ns , 106.Fl -encrypt 107.Xc 108This option thansmits the database with encrypted keys. 109.It Xo 110.Fl n Ns , 111.Fl -stdout 112.Xc 113Dump the database on stdout, in a format that can be fed to hpropd. 114.El 115 116The following options are only valid if 117.Nm hprop 118is compiled with support for Kerberos 4 (kaserver). 119.Bl -tag -width Ds 120.It Xo 121.Fl r Ar string Ns , 122.Fl -v4-realm= Ns Ar string 123.Xc 124v4 realm to use 125.It Xo 126.Fl c Ar cell Ns , 127.Fl -cell= Ns Ar cell 128.Xc 129The AFS cell name, used if reading a kaserver database. 130.It Xo 131.Fl S Ns , 132.Fl -kaspecials 133.Xc 134Also dump the principals marked as special in the kaserver database. 135.It Xo 136.Fl 4 Ns , 137.Fl -v4-db 138.Xc 139Deprecated, identical to 140.Sq --source=krb4-db . 141.It Xo 142.Fl K Ns , 143.Fl -ka-db 144.Xc 145Deprecated, identical to 146.Sq --source=kaserver . 147.El 148 149.Sh EXAMPLES 150The following will propagate a database to another machine (which 151should run 152.Xr hpropd 8): 153.Bd -literal -offset indent 154$ hprop slave-1 slave-2 155.Ed 156 157Copy a Kerberos 4 database to a Kerberos 5 slave: 158.Bd -literal -offset indent 159$ hprop --source=krb4-db -E krb5-slave 160.Ed 161 162Convert a Kerberos 4 dump-file for use with a Heimdal KDC: 163.Bd -literal -offset indent 164$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump -E | hpropd -n 165.Ed 166.Sh SEE ALSO 167.Xr hpropd 8 168