KPROPD(8)KPROPD(8)NAMEkpropd - Kerberos database slave server daemon
in.kpropd - shell script to start kpropdSYNOPSISkpropd [ -r realm ] [ -s srvtab ] [ -d database ] [ -u
port ] [ -l logfile ] [ -i ] [ -c command ] [ -C arg ]
filename
in.kpropd
DESCRIPTION
The kpropd daemon runs on a Kerberos slave server. A Ker-
beros slave server holds a copy of the master Kerberos
database. Any slave server may serve as a Key Distribu-
tion Center just as the master server does, permitting
people to use Kerberos programs even if the master server
is inaccessible.
The kprop(8) program running on the master server contacts
the kpropd daemon running on the slave server in order to
copy over the Kerberos database.
The kpropd daemon is normally started by arranging for
inetd(8) to run the in.kpropd shell script. Normally, a
line like this would be added to the /etc/inetd.conf file:
krb_prop stream tcp nowait root /usr/kerberos/etc/in.kpropd in.kpropd
The kpropd daemon may also be run directly as a server.
The kpropd daemon has a single required argument, which is
the name of a file in which to store the database received
from kprop(8) running on the master server (the in.kpropd
script passes /usr/kerberos/database/slavedb). After
kpropd receives the database information, it runs
kdb_util(8) to load it into the local Kerberos database.
The kpropd daemon will only accept data from machines
which are listed in krb.conf as an admin server. (Note
that this is different than the original MIT implementa-
tion which only accepted data from machines with a primary
DNS name of kerberos; this constraint is gone, as the
krb.conf entry is sufficient.)
OPTIONS-r realm
Set the Kerberos realm name. The default realm is
obtained using krb_get_lrealm(3).
-s srvtab
Set the name of the srvtab file to use when authenti-
cating the ticket received from kprop(8). The
default is /etc/krb-srvtab.
-d database
Set the name of the Kerberos database. This is a
MIT Project Athena Kerberos Version 4.0 1
KPROPD(8)KPROPD(8)
prefix used to name three files. The default is
/usr/kerberos/database/principal.
-u port
Set the port to accept connections on. This is only
meaningful if the -i option is not used. The default
is to use getservbyname(3) to look up the krb_prop
service. If that is not defined, kpropd uses 754.
-l logfile
Set the name of the log file. The default is
/usr/kerberos/database/kpropd.log.
-i Assume kpropd was run from inetd(8). The default is
for kpropd to open a socket and to loop accepting
connections.
-c command
Specify the path of the kdb_util(8) command which
kpropd should run after receiving the database. The
default is to just run kdb_util, assuming it is on
PATH.
-C arg
Set the argument to pass to kdb_util(8). The default
argument is load.
FILES
/usr/kerberos/database/principal
The default Kerberos database name.
/usr/kerberos/database/kpropd.log
The default log file name.
/usr/kerberos/database/slavedb
Default file name passed to kpropd by in.kpropd.
/etc/krb-srvtab
The default srvtab file.
SEE ALSOkprop(8), kdb_util(8), inetd(8), getservbyname(3)MIT Project Athena Kerberos Version 4.0 2