Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   29550 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

KPROPD(8)			 MIT Kerberos			     KPROPD(8)

NAME
       kpropd - Kerberos V5 slave KDC update server

SYNOPSIS
       kpropd [-r realm] [-a acl_file] [-f slave_dumpfile] [-F principal_data‐
       base] [-p kdb5_util_prog] [-P port] [-d]

DESCRIPTION
       The kpropd command runs on the slave KDC server.	 It listens for update
       requests	 made  by the kprop(8) program.	 If incremental propagation is
       enabled, it periodically requests incremental updates from  the	master
       KDC.

       When the slave receives a kprop request from the master, kpropd accepts
       the dumped KDC database	and  places  it	 in  a	file,  and  then  runs
       kdb5_util(8) to load the dumped database into the active database which
       is used by krb5kdc(8).  This allows the master Kerberos server  to  use
       kprop(8)	 to  propagate its database to the slave servers.  Upon a suc‐
       cessful download of the KDC database file, the  slave  Kerberos	server
       will have an up-to-date KDC database.

       Where  incremental  propagation is not used, kpropd is commonly invoked
       out of inetd(8) as a nowait service.  This is done by adding a line  to
       the /etc/inetd.conf file which looks like this:

	      kprop  stream  tcp  nowait  root	/usr/local/sbin/kpropd	kpropd

       kpropd  can  also  run  as  a  standalone daemon.  This is required for
       incremental propagation.	 But this is also useful  for  debugging  pur‐
       poses.

       Incremental  propagation	 may be enabled with the iprop_enable variable
       in kdc.conf(5).	If incremental propagation is enabled, the slave peri‐
       odically polls the master KDC for updates, at an interval determined by
       the iprop_slave_poll variable.  If the slave receives  updates,	kpropd
       updates its log file with any updates from the master.  kproplog(8) can
       be used to view a summary of the update entry log on the slave KDC.  If
       incremental  propagation	 is  enabled,  the principal kiprop/slavehost‐
       name@REALM (where slavehostname is the name of the slave KDC host,  and
       REALM is the name of the Kerberos realm) must be present in the slave's
       keytab file.

       kproplog(8) can be  used	 to  force  full  replication  when  iprop  is
       enabled.

OPTIONS
       -r realm
	      Specifies the realm of the master server.

       -f file
	      Specifies	 the filename where the dumped principal database file
	      is to  be	 stored;  by  default  the  dumped  database  file  is
	      /var/kerberos/krb5kdc/from_master.

       -p     Allows the user to specify the pathname to the kdb5_util(8) pro‐
	      gram; by default the pathname used is /usr/sbin/kdb5_util.

       -S     [DEPRECATED] Enable standalone mode.  Normally kpropd is invoked
	      by  inetd(8)  so it expects a network connection to be passed to
	      it from inetd(8).	 If the -S option is specified, or if standard
	      input  is	 not  a	 socket, kpropd will put itself into the back‐
	      ground, and wait for connections on port 754 (or the port speci‐
	      fied with the -P option if given).

       -d     Turn on debug mode.  In this mode, if the -S option is selected,
	      kpropd will not detach itself from the current job  and  run  in
	      the  background.	 Instead,  it  will  run in the foreground and
	      print out debugging messages during the database propagation.

       -P     Allow for an alternate port number  for  kpropd  to  listen  on.
	      This is only useful in combination with the -S option.

       -a acl_file
	      Allows  the  user to specify the path to the kpropd.acl file; by
	      default the path used is /var/kerberos/krb5kdc/kpropd.acl.

ENVIRONMENT
       kpropd uses the following environment variables:

       · KRB5_CONFIG

       · KRB5_KDC_PROFILE

FILES
       kpropd.acl
	      Access   file   for   kpropd;   the    default	location    is
	      /usr/local/var/krb5kdc/kpropd.acl.   Each	 entry	is a line con‐
	      taining the principal of a host from  which  the	local  machine
	      will allow Kerberos database propagation via kprop(8).

SEE ALSO
       kprop(8), kdb5_util(8), krb5kdc(8), inetd(8)

AUTHOR
       MIT

COPYRIGHT
       1985-2013, MIT

1.11.3								     KPROPD(8)

Vote for polarhome