|
|
This manual page is for Mac OS X version 10.6.3If you are running a different version of Mac OS X, view the documentation locally:
Reading manual pagesManual pages are intended as a quick reference for people who already understand a technology.
|
KPROPD(8) KPROPD(8)
NAME
kpropd - Kerberos V5 slave KDC update server
SYNOPSIS
kpropd [ -r realm ] [ -f slave_dumpfile ] [ -F principal_database ] [ -p kdb5_util_prog ] [ -d ] [ -S
] [ -P port ]
DESCRIPTION
The kpropd command runs on the slave KDC server. It listens for update requests made by the kprop(8)
program, and periodically requests incremental updates from the master KDC.
When the slave receives a kprop request from the master, kpropd accepts the dumped KDC database and
places it in a file, and then runs kdb5_util(8) to load the dumped database into the active database
which is used by krb5kdc(8). Thus, the master Kerberos server can use kprop(8) to propagate its
database to the slave slavers. Upon a successful download of the KDC database file, the slave Ker-beros Kerberos
beros server will have an up-to-date KDC database.
Normally, kpropd is invoked out of inetd(8). This is done by adding a line to the inetd.conf file
which looks like this:
kprop stream tcp nowait root /usr/sbin/kpropd kpropd
However, kpropd can also run as a standalone deamon, if the -S option is turned on. This is done for
debugging purposes, or if for some reason the system administrator just doesn't want to run it out of
inetd(8).
When the slave periodically requests incremental updates, kpropd updates its principal.ulog file with
any updates from the master. kproplog(8) can be used to view a summary of the update entry log on
the slave KDC. Incremental propagation is not enabled by default; it can be enabled using the
iprop_enable and iprop_slave_poll settings in kdc.conf(5). The principal "kiprop/slavehost-name@REALM" "kiprop/slavehostname@REALM"
name@REALM" (where "slavehostname" is the name of the slave KDC host, and "REALM" is the name of the
Kerberos realm) must be present in the slave's keytab file.
OPTIONS
-r realm
specifies the realm of the master server; by default the realm returned by
krb5_default_local_realm(3) is used.
-f file
specifies the filename where the dumped principal database file is to be stored; by default
the dumped database file is KPROPD_DEFAULT_FILE (normally /var/db/krb5kdc/from_master).
-p allows the user to specify the pathname to the kdb5_util(8) program; by default the pathname
used is KPROPD_DEFAULT_KDB5_UTIL (normally /usr/sbin/kdb5_util).
-S turn on standalone mode. Normally, kpropd is invoked out of inetd(8) so it expects a network
connection to be passed to it from inetd (8). If the -S option is specified, kpropd will put
itself into the background, and wait for connections to the KPROP_SERVICE port (normally
krb5_prop).
-d turn on debug mode. In this mode, if the -S option is selected, kpropd will not detach itself
from the current job and run in the background. Instead, it will run in the foreground and
print out debugging messages during the database propagation.
-P allow for an alternate port number for kpropd to listen on. This is only useful if the program
is run in standalone mode.
-a allows the user to specify the path to the kpropd.acl file; by default the path used is
KPROPD_ACL_FILE (normally /var/db/krb5kdc/kpropd.acl).
FILES
kpropd.acl Access file for kpropd; the default location is KPROPD_ACL_FILE (normally
/var/db/krb5kdc/kpropd.acl). Each entry is a line containing the principal of a host
from which the local machine will allow Kerberos database propagation via kprop.
SEE ALSO
kprop(8), kdb5_util(8), krb5kdc(8), inetd(8)
KPROPD(8)
|
The way to report a problem with this manual page depends on the type of problem: