xref: /titanic_41/usr/src/man/man1m/kprop.1m (revision 430b4c467020edf2445feb0c21db01c88b86243a)
te
Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology. For copying and distribution information, please see the file kerberosv5/mit-sipb-copyright.h.
Portions Copyright (c) 2006, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
kprop 1M "14 Nov 2005" "SunOS 5.11" "System Administration Commands"
NAME
kprop - Kerberos database propagation program
SYNOPSIS

/usr/lib/krb5/kprop [-d] [-f file] [-p port-number] 
 [-r realm] [-s keytab] [host]
DESCRIPTION

kprop is a command-line utility used for propagating a Kerberos database from a master KDC to a slave KDC. This command must be run on the master KDC. See the Solaris System Administration Guide, Vol. 6 on how to set up periodic propagation between the master KDC and slave KDCs.

To propagate a Kerberos database, the following conditions must be met:

The slave KDCs must have an /etc/krb5/kpropd.acl file that contains the principals for the master KDC and all the slave KDCs.

A keytab containing a host principal entry must exist on each slave KDC.

The database to be propagated must be dumped to a file using kdb5_util(1M).

OPTIONS

The following options are supported:

-d

Enable debug mode. Default is debug mode disabled.

-f file

File to be sent to the slave KDC. Default is the /var/krb5/slave_datatrans file.

-p port-number

Propagate port-number. Default is port 754.

-r realm

Realm where propagation will occur. Default realm is the local realm.

-s keytab

Location of the keytab. Default location is /etc/krb5/krb5.keytab.

OPERANDS

The following operands are supported:

host

Name of the slave KDC.

EXAMPLES

Example 1 Propagating the Kerberos Database

The following example propagates the Kerberos database from the /tmp/slave_data file to the slave KDC london. The machine london must have a host principal keytab entry and the kpropd.acl file must contain an entry for the all the KDCs.

# kprop -f /tmp/slave_data london
FILES

/etc/krb5/kpropd.acl

List of principals of all the KDCs; resides on each slave KDC.

/etc/krb5/krb5.keytab

Keytab for Kerberos clients.

/var/krb5/slave_datatrans

Kerberos database propagated to the KDC slaves.

SEE ALSO

kpasswd(1), svcs(1), gkadmin(1M), inetadm(1M), inetd(1M), kadmind(1M), kadmin.local(1M), kdb5_util(1M), svcadm(1M), kadm5.acl(4), kdc.conf(4), attributes(5), kerberos(5), smf(5)