KPROP(1M) Maintenance Commands KPROP(1M)


NAME


kprop - Kerberos database propagation program

SYNOPSIS


/usr/lib/krb5/kprop [-d] [-f file] [-p port-number]
[-r realm] [-s keytab] [host]


DESCRIPTION


kprop is a command-line utility used for propagating a Kerberos database
from a master KDC to a slave KDC. This command must be run on the master
KDC. See the Solaris System Administration Guide, Vol. 6 on how to set up
periodic propagation between the master KDC and slave KDCs.


To propagate a Kerberos database, the following conditions must be met:

o The slave KDCs must have an /etc/krb5/kpropd.acl file that
contains the principals for the master KDC and all the slave
KDCs.

o A keytab containing a host principal entry must exist on each
slave KDC.

o The database to be propagated must be dumped to a file using
kdb5_util(1M).

OPTIONS


The following options are supported:

-d
Enable debug mode. Default is debug mode disabled.


-f file
File to be sent to the slave KDC. Default is the
/var/krb5/slave_datatrans file.


-p port-number
Propagate port-number. Default is port 754.


-r realm
Realm where propagation will occur. Default realm is
the local realm.


-s keytab
Location of the keytab. Default location is
/etc/krb5/krb5.keytab.


OPERANDS


The following operands are supported:

host
Name of the slave KDC.


EXAMPLES


Example 1: Propagating the Kerberos Database




The following example propagates the Kerberos database from the
/tmp/slave_data file to the slave KDC london. The machine london must
have a host principal keytab entry and the kpropd.acl file must contain
an entry for the all the KDCs.


# kprop -f /tmp/slave_data london


FILES


/etc/krb5/kpropd.acl
List of principals of all the KDCs; resides
on each slave KDC.


/etc/krb5/krb5.keytab
Keytab for Kerberos clients.


/var/krb5/slave_datatrans
Kerberos database propagated to the KDC
slaves.


SEE ALSO


kpasswd(1), svcs(1), inetadm(1M), inetd(1M), kadmind(1M),
kadmin.local(1M), kdb5_util(1M), svcadm(1M), kadm5.acl(4), kdc.conf(4),
attributes(5), kerberos(5), smf(5)


October 29, 2015 KPROP(1M)