.\" $Id: hprop.8,v 1.13 2001/07/19 16:33:26 assar Exp $
.\"
.Dd June 19, 2000
.Dt HPROP 8
.Os HEIMDAL
.Sh NAME
.Nm hprop
.Nd propagate the KDC database
.Sh SYNOPSIS
.Nm
.Oo Fl m Ar file \*(Ba Xo
.Fl -master-key= Ns Pa file
.Xc
.Oc
.Oo Fl d Ar file \*(Ba Xo
.Fl -database= Ns Pa file
.Xc
.Oc
.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|krb4-db|kaserver
.Oo Fl r Ar string \*(Ba Xo
.Fl -v4-realm= Ns Ar string
.Xc
.Oc
.Oo Fl c Ar cell \*(Ba Xo
.Fl -cell= Ns Ar cell
.Xc
.Oc
.Op Fl S | Fl -kaspecials
.Oo Fl k Ar keytab \*(Ba Xo
.Fl -keytab= Ns Ar keytab
.Xc
.Oc
.Oo Fl R Ar string \*(Ba Xo
.Fl -v5-realm= Ns Ar string
.Xc
.Oc
.Op Fl D | Fl -decrypt
.Op Fl E | Fl -encrypt
.Op Fl n | Fl -stdout
.Op Fl v | Fl -verbose
.Op Fl -version
.Op Fl h | Fl -help
.Op Ar host Ns Op : Ns Ar port
.Ar ...
.Sh DESCRIPTION
.Nm
takes a principal database in a specified format and converts it into
a stream of Heimdal database records. This stream can either be
written to standard output, or (more commonly) be propagated to a
.Xr hpropd 8
server running on a different machine.
.Pp
If propagating, it connects to all
.Ar hosts
specified on the command line by opening a TCP connection to port 754
(service hprop) and sends the database in encrypted form.
.Pp
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl m Ar file Ns ,
.Fl -master-key= Ns Pa file
.Xc
Where to find the master key to encrypt or decrypt keys with.
.It Xo
.Fl d Ar file Ns ,
.Fl -database= Ns Pa file
.Xc
The database to be propagated.
.It Xo
.Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|krb4-db|kaserver
.Xc
Specifies the type of the source database.
Alternatives include:
.Bl -tag -width krb4-dump -compact -offset indent
.It heimdal
a Heimdal database
.It mit-dump
a MIT Kerberos 5 dump file
.It krb4-db
a Kerberos 4 database
.It krb4-dump
a Kerberos 4 dump file
.It kaserver
an AFS kaserver database
.El
.It Xo
.Fl k Ar keytab Ns ,
.Fl -keytab= Ns Ar keytab
.Xc
The keytab to use for fetching the key to be used for authenticating
to the propagation daemon(s). The key
.Pa kadmin/hprop
is used from this keytab. The default is to fetch the key from the
KDC database.
.It Xo
.Fl R Ar string Ns ,
.Fl -v5-realm= Ns Ar string
.Xc
Local realm override.
.It Xo
.Fl D Ns ,
.Fl -decrypt
.Xc
The encryption keys in the database can either be in clear, or
encrypted with a master key. This option transmits the database with
unencrypted keys.
.It Xo
.Fl E Ns ,
.Fl -encrypt
.Xc
This option transmits the database with encrypted keys.
.It Xo
.Fl n Ns ,
.Fl -stdout
.Xc
Dump the database on stdout, in a format that can be fed to hpropd.
.El
.Pp
The following options are only valid if
.Nm hprop
is compiled with support for Kerberos 4 (kaserver).
.Bl -tag -width Ds
.It Xo
.Fl r Ar string Ns ,
.Fl -v4-realm= Ns Ar string
.Xc
v4 realm to use
.It Xo
.Fl c Ar cell Ns ,
.Fl -cell= Ns Ar cell
.Xc
The AFS cell name, used if reading a kaserver database.
.It Xo
.Fl S Ns ,
.Fl -kaspecials
.Xc
Also dump the principals marked as special in the kaserver database.
.It Xo
.Fl 4 Ns ,
.Fl -v4-db
.Xc
Deprecated, identical to
.Sq --source=krb4-db .
.It Xo
.Fl K Ns ,
.Fl -ka-db
.Xc
Deprecated, identical to
.Sq --source=kaserver .
.El
.Sh EXAMPLES
The following will propagate a database to another machine (which
should run
.Xr hpropd 8 ) :
.Bd -literal -offset indent
$ hprop slave-1 slave-2
.Ed
.Pp
Copy a Kerberos 4 database to a Kerberos 5 slave:
.Bd -literal -offset indent
$ hprop --source=krb4-db -E krb5-slave
.Ed
.Pp
Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
.Bd -literal -offset indent
$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n
.Ed
.Sh SEE ALSO
.Xr hpropd 8