kpropd man page on Alpinelinux

Man page or keyword search:  
man Server   18016 pages
apropos Keyword Search (all sections)
Output format
Alpinelinux logo
[printable version]

KPROPD(8)			 MIT Kerberos			     KPROPD(8)

NAME
       kpropd - Kerberos V5 slave KDC update server

SYNOPSIS
       kpropd [-r realm] [-a acl_file] [-f slave_dumpfile] [-F principal_data‐
       base] [-p kdb5_util_prog] [-P port] [-d]

DESCRIPTION
       The kpropd command runs on the slave KDC server.	 It listens for update
       requests	 made  by the kprop(8) program.	 If incremental propagation is
       enabled, it periodically requests incremental updates from  the	master
       KDC.

       When the slave receives a kprop request from the master, kpropd accepts
       the dumped KDC database	and  places  it	 in  a	file,  and  then  runs
       kdb5_util(8) to load the dumped database into the active database which
       is used by krb5kdc(8).  This allows the master Kerberos server  to  use
       kprop(8)	 to  propagate its database to the slave servers.  Upon a suc‐
       cessful download of the KDC database file, the  slave  Kerberos	server
       will have an up-to-date KDC database.

       Where  incremental  propagation is not used, kpropd is commonly invoked
       out of inetd(8) as a nowait service.  This is done by adding a line  to
       the /etc/inetd.conf file which looks like this:

	  kprop	 stream	 tcp  nowait  root  /usr/local/sbin/kpropd  kpropd

       kpropd  can  also  run as a standalone daemon, backgrounding itself and
       waiting for connections on port 754 (or the port specified with the  -P
       option if given).  Standalone mode is required for incremental propaga‐
       tion.  Starting in release 1.11, kpropd automatically  detects  whether
       it  was run from inetd and runs in standalone mode if it is not.	 Prior
       to release 1.11, the -S option is required to run kpropd in  standalone
       mode;  this  option is now accepted for backward compatibility but does
       nothing.

       Incremental propagation may be enabled with the	iprop_enable  variable
       in kdc.conf(5).	If incremental propagation is enabled, the slave peri‐
       odically polls the master KDC for updates, at an interval determined by
       the  iprop_slave_poll  variable.	 If the slave receives updates, kpropd
       updates its log file with any updates from the master.  kproplog(8) can
       be used to view a summary of the update entry log on the slave KDC.  If
       incremental propagation is  enabled,  the  principal  kiprop/slavehost‐
       name@REALM  (where slavehostname is the name of the slave KDC host, and
       REALM is the name of the Kerberos realm) must be present in the slave's
       keytab file.

       kproplog(8)  can	 be  used  to  force  full  replication	 when iprop is
       enabled.

OPTIONS
       -r realm
	      Specifies the realm of the master server.

       -f file
	      Specifies the filename where the dumped principal database  file
	      is  to  be  stored;  by  default	the  dumped  database  file is
	      /var/lib/krb5kdc/from_master.

       -p     Allows the user to specify the pathname to the kdb5_util(8) pro‐
	      gram; by default the pathname used is /usr/sbin/kdb5_util.

       -d     Turn on debug mode.  In this mode, kpropd will not detach itself
	      from the current job and run in  the  background.	  Instead,  it
	      will run in the foreground and print out debugging messages dur‐
	      ing the database propagation.

       -P     Allow for an alternate port number  for  kpropd  to  listen  on.
	      This is only useful in combination with the -S option.

       -a acl_file
	      Allows  the  user to specify the path to the kpropd.acl file; by
	      default the path used is /var/lib/krb5kdc/kpropd.acl.

ENVIRONMENT
       kpropd uses the following environment variables:

       · KRB5_CONFIG

       · KRB5_KDC_PROFILE

FILES
       kpropd.acl
	      Access   file   for   kpropd;   the    default	location    is
	      /usr/local/var/krb5kdc/kpropd.acl.   Each	 entry	is a line con‐
	      taining the principal of a host from  which  the	local  machine
	      will allow Kerberos database propagation via kprop(8).

SEE ALSO
       kprop(8), kdb5_util(8), krb5kdc(8), inetd(8)

AUTHOR
       MIT

COPYRIGHT
       1985-2013, MIT

1.12.1								     KPROPD(8)
[top]

List of man pages available for Alpinelinux

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net