KPROP(8) Maintenance Commands and Procedures KPROP(8)
kprop - Kerberos database propagation program
/usr/lib/krb5/kprop [-d] [-f file] [-p port-number]
[-r realm] [-s keytab] [host]
kprop is a command-line utility used for propagating a Kerberos
database from a master KDC to a slave KDC. This command must be run
on the master KDC. See the Solaris System Administration Guide, Vol.
6 on how to set up periodic propagation between the master KDC and
slave KDCs.
To propagate a Kerberos database, the following conditions must be
met:
o The slave KDCs must have an /etc/krb5/kpropd.acl file that
contains the principals for the master KDC and all the
slave KDCs.
o A keytab containing a host principal entry must exist on
each slave KDC.
o The database to be propagated must be dumped to a file
using kdb5_util(8).
The following options are supported:
-d
Enable debug mode. Default is debug mode disabled.
-f file
File to be sent to the slave KDC. Default is the
/var/krb5/slave_datatrans file.
-p port-number
Propagate port-number. Default is port 754.
-r realm
Realm where propagation will occur. Default realm
is the local realm.
-s keytab
Location of the keytab. Default location is
/etc/krb5/krb5.keytab.
The following operands are supported:
host
Name of the slave KDC.
The following example propagates the Kerberos database from the
/tmp/slave_data file to the slave KDC london. The machine london must
have a host principal keytab entry and the kpropd.acl file must
contain an entry for the all the KDCs.
# kprop -f /tmp/slave_data london
/etc/krb5/kpropd.acl
List of principals of all the KDCs;
resides on each slave KDC.
/etc/krb5/krb5.keytab
Keytab for Kerberos clients.
/var/krb5/slave_datatrans
Kerberos database propagated to the KDC
slaves.
kpasswd(1), svcs(1), kadm5.acl(5), kdc.conf(5), attributes(7),
kerberos(7), smf(7), inetadm(8), inetd(8), kadmin.local(8),
kadmind(8), kdb5_util(8), svcadm(8)
October 29, 2015 KPROP(8)
NAME
kprop - Kerberos database propagation program
SYNOPSIS
/usr/lib/krb5/kprop [-d] [-f file] [-p port-number]
[-r realm] [-s keytab] [host]
DESCRIPTION
kprop is a command-line utility used for propagating a Kerberos
database from a master KDC to a slave KDC. This command must be run
on the master KDC. See the Solaris System Administration Guide, Vol.
6 on how to set up periodic propagation between the master KDC and
slave KDCs.
To propagate a Kerberos database, the following conditions must be
met:
o The slave KDCs must have an /etc/krb5/kpropd.acl file that
contains the principals for the master KDC and all the
slave KDCs.
o A keytab containing a host principal entry must exist on
each slave KDC.
o The database to be propagated must be dumped to a file
using kdb5_util(8).
OPTIONS
The following options are supported:
-d
Enable debug mode. Default is debug mode disabled.
-f file
File to be sent to the slave KDC. Default is the
/var/krb5/slave_datatrans file.
-p port-number
Propagate port-number. Default is port 754.
-r realm
Realm where propagation will occur. Default realm
is the local realm.
-s keytab
Location of the keytab. Default location is
/etc/krb5/krb5.keytab.
OPERANDS
The following operands are supported:
host
Name of the slave KDC.
EXAMPLES
Example 1: Propagating the Kerberos Database
The following example propagates the Kerberos database from the
/tmp/slave_data file to the slave KDC london. The machine london must
have a host principal keytab entry and the kpropd.acl file must
contain an entry for the all the KDCs.
# kprop -f /tmp/slave_data london
FILES
/etc/krb5/kpropd.acl
List of principals of all the KDCs;
resides on each slave KDC.
/etc/krb5/krb5.keytab
Keytab for Kerberos clients.
/var/krb5/slave_datatrans
Kerberos database propagated to the KDC
slaves.
SEE ALSO
kpasswd(1), svcs(1), kadm5.acl(5), kdc.conf(5), attributes(7),
kerberos(7), smf(7), inetadm(8), inetd(8), kadmin.local(8),
kadmind(8), kdb5_util(8), svcadm(8)
October 29, 2015 KPROP(8)