x SuSE Linux 13.1-RELEASE x
x SuSE Linux 13.1-RELEASEx
KPROPD(8) MIT Kerberos KPROPD(8)
NAME
kpropd - Kerberos V5 replica KDC update server
SYNOPSIS
kpropd [-r realm] [-A admin_server] [-a acl_file] [-f replica_dumpfile]
[-F principal_database] [-p kdb5_util_prog] [-P port]
[--pid-file=pid_file] [-D] [-d] [-s keytab_file]
DESCRIPTION
The kpropd command runs on the replica KDC server. It listens for up-
date requests made by the kprop(8) program. If incremental propagation
is enabled, it periodically requests incremental updates from the pri-
mary KDC.
When the replica receives a kprop request from the primary, kpropd ac-
cepts the dumped KDC database and places it in a file, and then runs
kdb5_util(8) to load the dumped database into the active database which
is used by krb5kdc(8). This allows the primary Kerberos server to use
kprop(8) to propagate its database to the replica servers. Upon a suc-
cessful download of the KDC database file, the replica Kerberos server
will have an up-to-date KDC database.
Where incremental propagation is not used, kpropd is commonly invoked
out of inetd(8) as a nowait service. This is done by adding a line to
the /etc/inetd.conf file which looks like this:
kprop stream tcp nowait root /usr/lib/mit/sbin/kpropd kpropd
kpropd can also run as a standalone daemon, backgrounding itself and
waiting for connections on port 754 (or the port specified with the -P
option if given). Standalone mode is required for incremental propaga-
tion. Starting in release 1.11, kpropd automatically detects whether
it was run from inetd and runs in standalone mode if it is not. Prior
to release 1.11, the -S option is required to run kpropd in standalone
mode; this option is now accepted for backward compatibility but does
nothing.
Incremental propagation may be enabled with the iprop_enable variable
in kdc.conf(5). If incremental propagation is enabled, the replica pe-
riodically polls the primary KDC for updates, at an interval determined
by the iprop_replica_poll variable. If the replica receives updates,
kpropd updates its log file with any updates from the primary. kpro-
plog(8) can be used to view a summary of the update entry log on the
replica KDC. If incremental propagation is enabled, the principal
kiprop/replicahostname@REALM (where replicahostname is the name of the
replica KDC host, and REALM is the name of the Kerberos realm) must be
present in the replica's keytab file.
kproplog(8) can be used to force full replication when iprop is en-
abled.
OPTIONS
-r realm
Specifies the realm of the primary server.
-A admin_server
Specifies the server to be contacted for incremental updates; by
default, the primary admin server is contacted.
-f file
Specifies the filename where the dumped principal database file
is to be stored; by default the dumped database file is
/var/lib/kerberos/krb5kdc/from_master.
-F kerberos_db
Path to the Kerberos database file, if not the default.
-p Allows the user to specify the pathname to the kdb5_util(8) pro-
gram; by default the pathname used is
/usr/lib/mit/sbin/kdb5_util.
-D In this mode, kpropd will not detach itself from the current job
and run in the background. Instead, it will run in the fore-
ground.
-d Turn on debug mode. kpropd will print out debugging messages
during the database propogation and will run in the foreground
(implies -D).
-P Allow for an alternate port number for kpropd to listen on.
This is only useful in combination with the -S option.
-a acl_file
Allows the user to specify the path to the kpropd.acl file; by
default the path used is /var/lib/kerberos/krb5kdc/kpropd.acl.
--pid-file=pid_file
In standalone mode, write the process ID of the daemon into
pid_file.
-s keytab_file
Path to a keytab to use for acquiring acceptor credentials.
-x db_args
Database-specific arguments. See Database Options in kadmin(1)
for supported arguments.
FILES
kpropd.acl
Access file for kpropd; the default location is /usr/lo-
cal/var/krb5kdc/kpropd.acl. Each entry is a line containing the
principal of a host from which the local machine will allow Ker-
beros database propagation via kprop(8).
ENVIRONMENT
See kerberos(7) for a description of Kerberos environment variables.
SEE ALSO
kprop(8), kdb5_util(8), krb5kdc(8), kerberos(7), inetd(8)
AUTHOR
MIT
COPYRIGHT
1985-2022, MIT
1.20.1 KPROPD(8)
Want to link to this manual page? Use this URL:
<http://star2.abcm.com/cgi-bin/bsdi-man?query=kpropd&sektion=8&manpath=>