KPROP(8) Maintenance Commands and Procedures KPROP(8)

kprop - Kerberos database propagation program

/usr/lib/krb5/kprop [-d] [-f file] [-p port-number]


     [-r realm] [-s keytab] [host]

kprop is a command-line utility used for propagating a Kerberos database from a master KDC to a slave KDC. This command must be run on the master KDC. See the Solaris System Administration Guide, Vol. 6 on how to set up periodic propagation between the master KDC and slave KDCs.

To propagate a Kerberos database, the following conditions must be met:

The slave KDCs must have an /etc/krb5/kpropd.acl file that contains the principals for the master KDC and all the slave KDCs.
A keytab containing a host principal entry must exist on each slave KDC.
The database to be propagated must be dumped to a file using kdb5_util(8).

The following options are supported:

-d

Enable debug mode. Default is debug mode disabled.

-f file

File to be sent to the slave KDC. Default is the /var/krb5/slave_datatrans file.

-p port-number

Propagate port-number. Default is port 754.

-r realm

Realm where propagation will occur. Default realm is the local realm.

-s keytab

Location of the keytab. Default location is /etc/krb5/krb5.keytab.

The following operands are supported:

host

Name of the slave KDC.

Example 1 Propagating the Kerberos Database

The following example propagates the Kerberos database from the /tmp/slave_data file to the slave KDC london. The machine london must have a host principal keytab entry and the kpropd.acl file must contain an entry for the all the KDCs.


# kprop -f /tmp/slave_data london

/etc/krb5/kpropd.acl

List of principals of all the KDCs; resides on each slave KDC.

/etc/krb5/krb5.keytab

Keytab for Kerberos clients.

/var/krb5/slave_datatrans

Kerberos database propagated to the KDC slaves.

kpasswd(1), svcs(1), kadm5.acl(5), kdc.conf(5), attributes(7), kerberos(7), smf(7), inetadm(8), inetd(8), kadmin.local(8), kadmind(8), kdb5_util(8), svcadm(8)

October 29, 2015 OmniOS