|
System Administration Commands | kprop(1M) |
| kprop - Kerberos database propagation program |
SYNOPSIS
| /usr/lib/kprop [-d] [-f file] [-p port-number] [-r realm] [-s keytab] [host] |
|
kprop is a command-line utility used for propagating a Kerberos database from a master KDC to a slave KDC. This command must be run on the master KDC. See the Solaris System Administration Guide, Vol. 6
on how to set up periodic propagation between the master KDC and slave KDCs.
To propagate a Kerberos database, the following conditions must be met:
- The slave KDCs must have an /etc/krb5/kpropd.acl file that contains the principals for the master KDC and all the slave KDCs.
- A keytab containing a host principal entry must exist on each slave KDC.
- The database to be propagated must be dumped to a file using kdb5_util(1M).
|
|
- -d
- Enable debug mode. Default is debug mode disabled.
- -f file
- File to be sent to the slave KDC. Default is the /var/krb5/slave_datatrans file.
- -p port-number
- Propagate port-number. Default is port 754.
- -r realm
- Realm where propagation will occur. Default realm is the local realm.
- -s keytab
- Location of the keytab. Default location is /etc/krb5/krb5.keytab.
|
|
The following operands are supported:
-
host
- Name of the slave KDC.
|
| Example 1. Propagating the Kerberos Database
|
The following example propagates the Kerberos database from the /tmp/slave_data file to the slave KDC london. The machine london must have a host principal keytab entry and the kpropd.acl file must
contain an entry for the all the KDCs.
|
# kprop -f /tmp/slave_data london
|
|
|
|
-
/etc/krb5/kpropd.acl
- List of principals of all the KDCs; resides on each slave KDC.
-
/etc/krb5/krb5.keytab
- Keytab for Kerberos clients.
-
/var/krb5/slave_datatrans
- Kerberos database propagated to the KDC slaves.
|
|
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWkdcu |
|
| |