KPROPD(8) Maintenance Commands and Procedures KPROPD(8)
NAME
kpropd - Kerberos propagation daemon for slave KDCs
SYNOPSIS
/usr/lib/krb5/kpropd [-d] [-f temp_dbfile] [-F dbfile] [-p kdb_util] [-P port_number] [-r realm] [-s srv_tabfile] [-S] [-a acl_file]
DESCRIPTION
The kpropd command runs on the slave KDC server. It listens for update requests made by kprop(8) from the master KDC and periodically requests incremental updates from the master KDC.
When the slave receives a kprop request from the master, kpropd copies principal data to a temporary text file. Next, kpropd invokes kdb5_util(8) (unless a different database utility is selected) to load the text file in database format.
When the slave periodically requests incremental updates, kpropd updates its principal.ulog file with any updates from the master. kproplog(8) can be used to view a summary of the update entry log on the slave KDC.
kpropd is not configured for incremental database propagation by default. These settings can be changed in the kdc.conf(5) file:
sunw_dbprop_enable = [true | false]
    Enables or disables incremental database propagation. Default is false.
sunw_dbprop_slave_poll = N[s, m, h]
    Specifies how often the slave KDC polls for any updates that the master might have. Default is 2m (two minutes).
The kiprop/<hostname>@<REALM> principal must exist in the slave's keytab file to enable the master to authenticate incremental propagation requests from the slave. In this syntax, <hostname> is the slave KDC's host name and <REALM> is the realm in which the slave KDC resides.
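
The following is an added example, not part of the original manual page: a shell check that a slave has incremental propagation enabled, a well-formed poll interval, and the kiprop principal available, using the defaults stated above. The host name, realm, sample file contents, the one-principal-per-line keytab listing, and the treatment of a bare number as seconds are assumptions.

```shell
#!/bin/sh
# Added example: audit a slave KDC's incremental-propagation prerequisites.
# Host, realm and file contents below are constructed placeholders.

# Print the value of "key = value" from a kdc.conf-style file (last match wins;
# a simplification, not the real krb5 profile parser).
conf_value() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -1
}

# Convert N[s|m|h] to seconds; fails on malformed input.
# Assumption: a bare number means seconds.
poll_seconds() {  # $1=interval
    n=${1%[smh]}
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
    n=$(printf '%s' "$n" | sed 's/^0*//'); [ -n "$n" ] || n=0
    case "$1" in
        *h) echo $((n * 3600)) ;;
        *m) echo $((n * 60)) ;;
        *)  echo "$n" ;;
    esac
}

# $1=kdc.conf path  $2=slave host name  $3=realm
# $4=file with one keytab principal name per line (assumed pre-extracted)
audit_slave() {
    enabled=$(conf_value "$1" sunw_dbprop_enable)
    poll=$(conf_value "$1" sunw_dbprop_slave_poll)
    # Defaults per the manual page: false and 2m.
    [ "${enabled:-false}" = true ] || { echo "incremental propagation disabled"; return 1; }
    secs=$(poll_seconds "${poll:-2m}") || { echo "bad sunw_dbprop_slave_poll: $poll"; return 2; }
    grep -Fqx "kiprop/$2@$3" "$4" || { echo "missing kiprop/$2@$3 in keytab"; return 3; }
    echo "ok: polling every ${secs}s as kiprop/$2@$3"
}

# Constructed sample input.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/kdc.conf" <<'EOF'
[realms]
    EXAMPLE.COM = {
        sunw_dbprop_enable = true
        sunw_dbprop_slave_poll = 5m
    }
EOF
printf '%s\n' 'host/kdc2.example.com@EXAMPLE.COM' \
    'kiprop/kdc2.example.com@EXAMPLE.COM' > "$tmp/keytab.txt"
audit_slave "$tmp/kdc.conf" kdc2.example.com EXAMPLE.COM "$tmp/keytab.txt"
```
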
OPTIONS
The following options are supported:
-d Enable debug mode. Default is debug mode disabled.
-f temp_dbfile The location of the slave's temporary principal database file. Default is /var/krb5/from_master.
-F dbfile The location of the slave's principal database file. Default is /var/krb5/principal.
-p kdb_util The location of the Kerberos database utility used for loading principal databases. Default is /usr/sbin/kdb5_util.
-P port_number Specifies the port number on which kpropd will listen. Default is 754 (service name: krb5_prop).
-r realm Specifies from which Kerberos realm kpropd will receive information. Default is specified in /etc/krb5/krb5.conf.
-s srv_tabfile The location of the service table file used to authenticate the kpropd daemon.
-S Run the daemon in standalone mode, instead of having inetd listen for requests. Default is non-standalone mode.
-a acl_file The location of kpropd's access control list to verify if this server can run the kpropd daemon. The file contains a list of principal name(s) that will be receiving updates. Default is /etc/krb5/kpropd.acl.
FILES
/var/krb5/principal Kerberos principal database.
/var/krb5/principal.ulog The update log file.
/etc/krb5/kdc.conf KDC configuration information.
/etc/krb5/kpropd.acl List of principals of all the KDCs; resides on each slave KDC.
/var/krb5/from_master Temporary file used by kpropd before loading this to the principal database.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Evolving |
+--------------------+-----------------+
SEE ALSO
kdc.conf(5), krb5.conf(5), attributes(7), kerberos(7), kdb5_util(8), kprop(8), kproplog(8)
NOTES
The kprop service is managed by the service management facility, smf(7), under the service identifier:
svc:/network/security/krb5_prop:default
Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(8).
Responsibility for initiating and restarting this service is delegated to inetd(8). Use inetadm(8) to make configuration changes and to view configuration information for this service. The service's status can be queried using the svcs(1) command.
July 11, 2005 KPROPD(8)