kpropd(1M) System Administration Commands kpropd(1M)NAMEkpropd - Kerberos propagation daemon for slave KDCs
SYNOPSIS
/usr/lib/krb5/kpropd [-d] [-f temp_dbfile] [-F dbfile]
[-p kdb_util] [-P port_number] [-r realm]
[-s srv_tabfile] [-S] [-a acl_file]
DESCRIPTION
The kpropd command runs on the slave KDC server. It listens for update
requests made by kprop(1M) from the master KDC and periodically
requests incremental updates from the master KDC.
When the slave receives a kprop request from the master, kpropd copies
principal data to a temporary text file. Next, kpropd invokes
kdb5_util(1M) (unless a different database utility is selected) to load
the text file in database format.
When the slave periodically requests incremental updates, kpropd update
its principal.ulog file with any updates from the master. kproplog(1M)
can be used to view a summary of the update entry log on the slave KDC.
kpropd is not configured for incremental database propagation by
default. These settings can be changed in the kdc.conf(4) file:
sunw_dbprop_enable = [true | false]
Enables or disables incremental database propagation. Default is
false.
sunw_dbprop_slave_poll = N[s, m, h]
Specifies how often the slave KDC polls for any updates that the
master might have. Default is 2m (two minutes).
The kiprop/<hostname>@<REALM> principal must exist in the slave's
keytab file to enable the master to authenticate incremental propaga‐
tion requests from the slave. In this syntax, <hostname> is the slave
KDC's host name and <REALM> is the realm in which the slave KDC
resides.
OPTIONS
The following options are supported:
-d
Enable debug mode. Default is debug mode disabled.
-f temp_dbfile
The location of the slave's temporary principal database file.
Default is /var/krb5/from_master.
-F dbfile
The location of the slave's principal database file. Default is
/var/krb5/principal.
-p kdb_util
The location of the Kerberos database utility used for loading
principal databases. Default is /usr/sbin/kdb5_util.
-P port_number
Specifies the port number on which kpropd will listen. Default is
754 (service name: krb5_prop).
-r realm
Specifies from which Kerberos realm kpropd will receive informa‐
tion. Default is specified in /etc/krb5/krb5.conf.
-s srv_tabfile
The location of the service table file used to authenticate the
kpropd daemon.
-S
Run the daemon in standalone mode, instead of having inetd listen
for requests. Default is non-standalone mode.
-a acl_file
The location of the kpropd's access control list to verify if this
server can run the kpropd daemon. The file contains a list of prin‐
cipal name(s) that will be receiving updates. Default is
/etc/krb5/kpropd.acl.
FILES
/var/krb5/principal
Kerberos principal database.
/var/krb5/principal.ulog
The update log file.
/etc/krb5/kdc.conf
KDC configuration information.
/etc/krb5/kpropd.acl
List of principals of all the KDCs; resides on each slave KDC.
/var/krb5/from_master
Temporary file used by kpropd before loading this to the principal
database.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWkdcu │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Evolving │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOkdb5_util(1M), kprop(1M), kproplog(1M), kdc.conf(4), krb5.conf(4),
attributes(5), kerberos(5)SunOS 5.10 31 Oct 2007 kpropd(1M)