KPROP(8)KPROP(8)NAMEkprop - send Kerberos database from master to slave
push-kprop - shell script to run kpropSYNOPSISkprop [ -p ] [ -force ] [ -realm realm ] [ -private ] [ -s
srvtab ] data_file slaves_file
push-kprop
DESCRIPTION
The kprop program is used to copy the Kerberos database
from the Kerberos master server to a slave server. Any
slave server may serve as a Key Distribution Center just
as the master server does, permitting people to use Ker-
beros programs even if the master server is inaccessible.
The kprop program communicates with the kpropd(8) daemon,
which runs on the slave server.
The data_file argument is a file created by kdb_util(8)
with the slave_dump option.
The slaves_file argument is a text file containing a list
of the hostnames of the slave servers. It should contain
one hostname per line. Each hostname may optionally be
followed by the port number to contact, separated by a
colon (e.g. host.domain:2754). The default port number is
found by using getservbyname(3) to look up the krb_prop
service. If that is not defined, kprop uses 754.
The kprop program and the kdb_util(8) program communicate
using a semaphore file. The name of the file is the
data_file argument with .dump_ok appended. The file is
automatically created by kdb_util(8) when the slave_dump
option is used.
The push_kprop shell script may be used to invoke kprop.
It assumes that the list of slaves is in the file
/usr/kerberos/database/slavelist.
Normally the Kerberos database will be propagated from the
server to the slaves by invoking push_kprop on a regular
basis using cron(8).
The kprop program requires a srvtab file with an entry for
rcmd.HOSTNAME@REALM. This is the same type of srvtab file
required to run the klogind(8) or kshd(8) servers. Srvtab
files can be created using the ksrvutil(8) program. The
default srvtab file is /etc/krb-srvtab. This default may
be overridden with the -s option.
OPTIONS-p Use preauthentication when retrieving tickets.
MIT Project Athena Kerberos Version 4.0 1
KPROP(8)KPROP(8)-force
Transfer the database even if the semaphore file gen-
erated by kdb_util(8) indicates that the dump is not
up to date.
-realm realm
Set the Kerberos realm name. The default realm name
is obtained using krb_get_lrealm(3).
-private
Encrypt the data being sent to the slave server.
This is the default.
-s srvtab
Set the name of the srvtab file to use when retriev-
ing tickets. The default is /etc/krb-srvtab.
FILES
/usr/kerberos/database/slavelist
The list of slave hostnames used by push-kprop.
/usr/kerberos/database/slavesave
The database dump file used by push-kprop.
/tmp/kproptktXXXXXX
The ticket file used by kprop.
/etc/krb-srvtab
The default srvtab file.
SEE ALSOkpropd(8), kdb_util(8), cron(8), krb_get_lrealm(3), ksrvu-
til(8), klogind(8), kshd(8), getservbyname(3)MIT Project Athena Kerberos Version 4.0 2