KPROPD(8)KPROPD(8)NAMEkpropd - Kerberos V5 slave KDC update server
SYNOPSISkpropd [ -r realm ] [ -f slave_dumpfile ] [ -F principal_database ] [
-p kdb5_util_prog ] [ -d ] [ -S ] [ -P port ]
DESCRIPTIONkpropd is the server which accepts connections from the kprop(8) pro‐
gram. kpropd accepts the dumped KDC database and places it in a file,
and then runs kdb5_util(8) to load the dumped database into the active
database which is used by krb5kdc(8). Thus, the master Kerberos server
can use kprop(8) to propagate its database to the slave slavers. Upon
a successful download of the KDC database file, the slave Kerberos
server will have an up-to-date KDC database.
Normally, kpropd is invoked out of inetd(8). This is done by adding a
line to the inetd.conf file which looks like this:
kprop stream tcp nowait root /usr/ker‐
beros/sbin/kpropd kpropd
However, kpropd can also run as a standalone deamon, if the -S option
is turned on. This is done for debugging purposes, or if for some rea‐
son the system administrator just doesn't want to run it out of
inetd(8).
OPTIONS-r realm
specifies the realm of the master server; by default the realm
returned by krb5_default_local_realm(3) is used.
-f file
specifies the filename where the dumped principal database file
is to be stored; by default the dumped database file is
KPROPD_DEFAULT_FILE (normally /var/kerberos/krb5kdc/from_mas‐
ter).
-p allows the user to specify the pathname to the kdb5_util(8) pro‐
gram; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
(normally /usr/kerberos/sbin/kdb5_util).
-S turn on standalone mode. Normally, kpropd is invoked out of
inetd(8) so it expects a network connection to be passed to it
from inetd (8). If the -S option is specified, kpropd will put
itself into the background, and wait for connections to the
KPROP_SERVICE port (normally krb5_prop).
-d turn on debug mode. In this mode, if the -S option is selected,
kpropd will not detach itself from the current job and run in
the background. Instead, it will run in the foreground and
print out debugging messages during the database propagation.
-P allow for an alternate port number for kpropd to listen on. This
is only useful if the program is run in standalone mode.
-a allows the user to specify the path to the file; by default the
path used is KPROPD_ACL_FILE (normally /var/ker‐
beros/krb5kdc/kpropd.acl).
FILES
kpropd.acl Access file for kpropd; the default location is
KPROPD_ACL_FILE (normally /var/ker‐
beros/krb5kdc/kpropd.acl). Each entry is a line containing
the principal of a host from which the local machine will
allow Kerberos database propagation via kprop.
SEE ALSOkprop(8), kdb5_util(8), krb5kdc(8), inetd(8)KPROPD(8)