kpropd(1M) System Administration Commands kpropd(1M)NAMEkpropd - Kerberos propagation daemon for slave KDCs
SYNOPSIS
/usr/lib/krb5/kpropd [-d] [-f temp_dbfile] [-F dbfile]
[-p kdb_util] [-P port_number] [-r realm]
[-s srv_tabfile] [-S] [-a acl_file]
DESCRIPTION
The kpropd command runs on the slave KDC server. It listens for update
requests made by kprop(1M) from the master KDC and periodically
requests incremental updates from the master KDC.
When the slave receives a kprop request from the master, kpropd copies
principal data to a temporary text file. Next, kpropd invokes
kdb5_util(1M) (unless a different database utility is selected) to load
the text file in database format.
When the slave periodically requests incremental updates, kpropd update
its principal.ulog file with any updates from the master. kproplog(1M)
can be used to view a summary of the update entry log on the slave KDC.
kpropd is not configured for incremental database propagation by
default. These settings can be changed in the kdc.conf(4) file:
sunw_dbprop_enable = [true | false]
Enables or disables incremental database propagation. Default is
false.
sunw_dbprop_slave_poll = N[s, m, h]
Specifies how often the slave KDC polls for any updates that the
master might have. Default is 2m (two minutes).
The kiprop/<hostname>@<REALM> principal must exist in the slave's
keytab file to enable the master to authenticate incremental propaga‐
tion requests from the slave. In this syntax, <hostname> is the slave
KDC's host name and <REALM> is the realm in which the slave KDC
resides.
OPTIONS
The following options are supported:
-d Enable debug mode. Default is debug mode disabled.
-f temp_dbfile The location of the slave's temporary principal data‐
base file. Default is /var/krb5/from_master.
-F dbfile The location of the slave's principal database file.
Default is /var/krb5/principal.
-p kdb_util The location of the Kerberos database utility used
for loading principal databases. Default is
/usr/sbin/kdb5_util.
-P port_number Specifies the port number on which kpropd will lis‐
ten. Default is 754 (service name: krb5_prop).
-r realm Specifies from which Kerberos realm kpropd will
receive information. Default is specified in
/etc/krb5/krb5.conf.
-s srv_tabfile The location of the service table file used to
authenticate the kpropd daemon.
-S Run the daemon in standalone mode, instead of having
inetd listen for requests. Default is non-standalone
mode.
-a acl_file The location of the kpropd's access control list to
verify if this server can run the kpropd daemon. The
file contains a list of principal name(s) that will
be receiving updates. Default is
/etc/krb5/kpropd.acl.
FILES
/var/krb5/principal Kerberos principal database.
/var/krb5/principal.ulog The update log file.
/etc/krb5/kdc.conf KDC configuration information.
/etc/krb5/kpropd.acl List of principals of all the KDCs; resides
on each slave KDC.
/var/krb5/from_master Temporary file used by kpropd before load‐
ing this to the principal database.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │system/security/kerberos-5 │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Committed │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOkdb5_util(1M), kprop(1M), kproplog(1M), kdc.conf(4), krb5.conf(4),
attributes(5), kerberos(5)NOTES
The kprop service is managed by the service management facility,
smf(5), under the service identifier:
svc:/network/security/krb5_prop:default
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(1M). Responsibility
for initiating and restarting this service is delegated to inetd(1M).
Use inetadm(1M) to make configuration changes and to view configuration
information for this service. The service's status can be queried using
the svcs(1) command.
SunOS 5.11 11 Jul 2005 kpropd(1M)
