Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   26626 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

KPROPD(8)							     KPROPD(8)

NAME
       kpropd - Kerberos V5 slave KDC update server

SYNOPSIS
       kpropd  [  -r realm ] [ -f slave_dumpfile ] [ -F principal_database ] [
       -p kdb5_util_prog ] [ -d ] [ -S ] [ -P port ]

DESCRIPTION
       The kpropd command runs on the slave KDC server.	 It listens for update
       requests made by the kprop(8) program, and periodically requests incre‐
       mental updates from the master KDC.

       When the slave receives a kprop request from the master, kpropd accepts
       the  dumped  KDC	 database  and	places	it  in	a  file, and then runs
       kdb5_util(8) to load the dumped database into the active database which
       is  used	 by  krb5kdc(8).   Thus,  the  master  Kerberos server can use
       kprop(8) to propagate its database to the slave slavers.	 Upon  a  suc‐
       cessful	download  of  the KDC database file, the slave Kerberos server
       will have an up-to-date KDC database.

       Normally, kpropd is invoked out of inetd(8).  This is done by adding  a
       line to the inetd.conf file which looks like this:

       kprop	 stream	   tcp	nowait	  root /usr/sbin/kpropd	   kpropd

       However,	 kpropd	 can also run as a standalone daemon, if the -S option
       is turned on.  This is done for debugging purposes, or if for some rea‐
       son  the	 system	 administrator	just  doesn't  want  to	 run it out of
       inetd(8).

       When  the  slave	 periodically  requests	 incremental  updates,	kpropd
       updates	its  principal.ulog  file  with	 any  updates from the master.
       kproplog(8) can be used to view a summary of the update	entry  log  on
       the  slave  KDC.	 Incremental propagation is not enabled by default; it
       can be enabled using the iprop_enable and iprop_slave_poll settings  in
       kdc.conf(5).  The principal "kiprop/slavehostname@REALM" (where "slave‐
       hostname" is the name of the slave KDC host, and "REALM" is the name of
       the Kerberos realm) must be present in the slave's keytab file.

OPTIONS
       -r realm
	      specifies	 the  realm of the master server; by default the realm
	      returned by krb5_default_local_realm(3) is used.

       -f file
	      specifies the filename where the dumped principal database  file
	      is  to  be  stored;  by  default	the  dumped  database  file is
	      KPROPD_DEFAULT_FILE  (normally   /var/kerberos/krb5kdc/from_mas‐
	      ter).

       -p     allows the user to specify the pathname to the kdb5_util(8) pro‐
	      gram; by default the pathname used  is  KPROPD_DEFAULT_KDB5_UTIL
	      (normally /usr/sbin/kdb5_util).

       -S     turn  on	standalone  mode.   Normally, kpropd is invoked out of
	      inetd(8) so it expects a network connection to be passed	to  it
	      from  inetd (8).	If the -S option is specified, kpropd will put
	      itself into the background, and  wait  for  connections  to  the
	      KPROP_SERVICE port (normally krb5_prop).

       -d     turn on debug mode.  In this mode, if the -S option is selected,
	      kpropd will not detach itself from the current job  and  run  in
	      the  background.	 Instead,  it  will  run in the foreground and
	      print out debugging messages during the database propagation.

       -P     allow for an alternate port number for kpropd to listen on. This
	      is only useful if the program is run in standalone mode.

       -a     allows  the  user to specify the path to the kpropd.acl file; by
	      default the path used  is	 KPROPD_ACL_FILE  (normally  /var/ker‐
	      beros/krb5kdc/kpropd.acl).

FILES
       kpropd.acl  Access   file   for	 kpropd;   the	 default  location  is
		   KPROPD_ACL_FILE	       (normally	     /var/ker‐
		   beros/krb5kdc/kpropd.acl).  Each entry is a line containing
		   the principal of a host from which the local	 machine  will
		   allow Kerberos database propagation via kprop.

SEE ALSO
       kprop(8), kdb5_util(8), krb5kdc(8), inetd(8)

								     KPROPD(8)

Vote for polarhome