kprop(1M)

NAME

     kprop - Kerberos database propagation program

SYNOPSIS

     /usr/lib/kprop [-d] [-f file] [-p  port-number]  [-r  realm]
     [-s keytab] [host]

DESCRIPTION

     kprop is a command-line utility used for propagating a  Ker-
     beros  database  from a master KDC to a slave KDC. This com-
     mand must be run on the master KDC. See the  Solaris  System
     Administration  Guide, Vol. 6 on how to set up periodic pro-
     pagation between the master KDC and slave KDCs.

     To propagate a Kerberos database, the  following  conditions
     must be met:

        o  The slave KDCs must have an /etc/krb5/kpropd.acl  file
           that  contains  the  principals for the master KDC and
           all the slave KDCs.

        o  A keytab containing a host principal entry must  exist
           on each slave KDC.

        o  The database to be propagated must be dumped to a file
           using kdb5_util(1M).

OPTIONS

     The following options are supported:

     -d    Enable debug mode. Default is debug mode disabled.

     -f file
           File to be sent to  the  slave  KDC.  Default  is  the
           /var/krb5/slave_datatrans file.

     -p port-number
           Propagate port-number. Default is port 754.

     -r realm
           Realm where propagation will occur. Default  realm  is
           the local realm.

     -s keytab
           Location  of   the   keytab.   Default   location   is
           /etc/krb5/krb5.keytab.

OPERANDS

     The following operands are supported:

     host  Name of the slave KDC.

EXAMPLES

     Example 1: Propagating the Kerberos Database

     The following example propagates the Kerberos database  from
     the  /tmp/slave_data  file  to  the  slave  KDC  london. The
     machine london must have a host principal keytab  entry  and
     the  kpropd.acl  file  must contain an entry for the all the
     KDCs.

     # kprop -f /tmp/slave_data london

FILES

     /etc/krb5/kpropd.acl
           List of principals of all the KDCs;  resides  on  each
           slave KDC.

     /etc/krb5/krb5.keytab
            Keytab for Kerberos clients.

     /var/krb5/slave_datatrans
           Kerberos database propagated to the KDC slaves.

ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWkdcu                    |
    |_____________________________|_____________________________|

SEE ALSO

     kpasswd(1),  gkadmin(1M),   kadmind(1M),   kadmin.local(1M),
     kdb5_util(1M),   kadm5.acl(4),  kdc.conf(4),  attributes(5),
     SEAM(5)

     System Administration Guide: Security Services
Man(1) output converted with man2html