System Administration Commands kpropd(1M)
NAME
kpropd - Kerberos propagation daemon for slave KDCs
SYNOPSIS
/usr/lib/krb5/kpropd [-d] [-f tempdbfile] [-F dbfile]
[-p kdbutil] [-P portnumber] [-r realm]
[-s srvtabfile] [-S] [-a aclfile]
DESCRIPTION
The kpropd command runs on the slave KDC server. It listens
for update requests made by kprop(1M) from the master KDC
and periodically requests incremental updates from the
master KDC.
When the slave receives a kprop request from the master,
kpropd copies principal data to a temporary text file. Next,
kpropd invokes kdb5_util(1M) (unless a different database
utility is selected) to load the text file in database
format.
When the slave periodically requests incremental updates,
kpropd updates its principal.ulog file with any updates from
the master. kproplog(1M) can be used to view a summary of
the update entry log on the slave KDC.
kpropd is not configured for incremental database
propagation by default. These settings can be changed in the
kdc.conf(4) file:
sunw_dbprop_enable = [true | false]
    Enables or disables incremental database propagation.
    Default is false.
sunw_dbprop_slave_poll = N[s, m, h]
    Specifies how often the slave KDC polls for any updates
    that the master might have. Default is 2m (two minutes).
The kiprop/<hostname>@<REALM> principal must exist in the
slave's keytab file to enable the master to authenticate
incremental propagation requests from the slave. In this
syntax, <hostname> is the slave KDC's host name and <REALM>
is the realm in which the slave KDC resides.
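The following Python example is added here and is not part of the original manual page: it reads the [realms] stanzas of a kdc.conf, applies the defaults stated above, and reports for each realm whether incremental propagation is on, the slave poll interval in seconds, and whether the kiprop/<hostname>@<REALM> entry is missing from a supplied list of keytab principals. The function names, the sample configuration, the host name kdc2.example.com used with it, and the reading of a bare N as seconds are assumptions.

```python
import re
# Defaults as documented on this page: propagation off, poll every two minutes.
DEFAULTS = {"sunw_dbprop_enable": "false", "sunw_dbprop_slave_poll": "2m"}
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600}

def poll_seconds(value):
    """Convert an N[s, m, h] interval to seconds (bare N read as seconds: assumption)."""
    m = re.fullmatch(r"(\d+)([smh]?)", value.strip())
    if not m:
        raise ValueError(f"bad sunw_dbprop_slave_poll value: {value!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2) or "s"]

def realm_settings(kdc_conf_text):
    """Return {realm: settings} per 'REALM = {' stanza under [realms], defaults filled in."""
    realms, section, current = {}, None, None
    for raw in kdc_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section, current = line.strip("[]"), None
        elif section == "realms" and line.endswith("{"):
            current = realms.setdefault(line.split("=", 1)[0].strip(), dict(DEFAULTS))
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return realms

def audit_slave(kdc_conf_text, hostname, keytab_principals):
    """Per realm: incremental propagation on, poll seconds, kiprop keytab entry missing."""
    report = {}
    for realm, cfg in realm_settings(kdc_conf_text).items():
        enabled = cfg["sunw_dbprop_enable"].lower() == "true"
        report[realm] = {
            "incremental": enabled,
            "poll_seconds": poll_seconds(cfg["sunw_dbprop_slave_poll"]),
            # The keytab entry only matters when incremental propagation is on.
            "missing_keytab_entry": enabled and f"kiprop/{hostname}@{realm}" not in keytab_principals,
        }
    return report

# Constructed sample input, not taken from a real KDC.
SAMPLE_KDC_CONF = """
[realms]
    EXAMPLE.COM = {
        sunw_dbprop_enable = true
        sunw_dbprop_slave_poll = 90s
    }
    LAB.EXAMPLE.COM = {
    }
"""
```

On a live slave, the principal list passed as keytab_principals would come from listing the keytab entries with the system's Kerberos tools.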
SunOS 5.11 Last change: 11 Jul 2005 1
OPTIONS
The following options are supported:
-d                Enable debug mode. Default is debug mode
                  disabled.
-f tempdbfile     The location of the slave's temporary
                  principal database file. Default is
                  /var/krb5/from_master.
-F dbfile         The location of the slave's principal
                  database file. Default is
                  /var/krb5/principal.
-p kdbutil        The location of the Kerberos database
                  utility used for loading principal
                  databases. Default is /usr/sbin/kdb5_util.
-P portnumber     Specifies the port number on which kpropd
                  will listen. Default is 754 (service name:
                  krb5_prop).
-r realm          Specifies from which Kerberos realm kpropd
                  will receive information. Default is
                  specified in /etc/krb5/krb5.conf.
-s srvtabfile     The location of the service table file
                  used to authenticate the kpropd daemon.
-S                Run the daemon in standalone mode, instead
                  of having inetd listen for requests.
                  Default is non-standalone mode.
-a aclfile        The location of the kpropd's access
                  control list to verify if this server can run
                  the kpropd daemon. The file contains a
                  list of principal name(s) that will be
                  receiving updates. Default is
                  /etc/krb5/kpropd.acl.
FILES
/var/krb5/principal Kerberos principal database.
/var/krb5/principal.ulog The update log file.
/etc/krb5/kdc.conf KDC configuration information.
/etc/krb5/kpropd.acl List of principals of all the
KDCs; resides on each slave KDC.
/var/krb5/from_master Temporary file used by kpropd
before loading this to the
principal database.
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
ATTRIBUTE TYPE          ATTRIBUTE VALUE
Availability            SUNWkdcu
Interface Stability     Evolving
SEE ALSO
kdb5_util(1M), kprop(1M), kproplog(1M), kdc.conf(4),
krb5.conf(4), attributes(5), kerberos(5)
NOTES
The kprop service is managed by the service management
facility, smf(5), under the service identifier:
svc:/network/security/krb5_prop:default
Administrative actions on this service, such as enabling,
disabling, or requesting restart, can be performed using
svcadm(1M). Responsibility for initiating and restarting
this service is delegated to inetd(1M). Use inetadm(1M) to
make configuration changes and to view configuration
information for this service. The service's status can be
queried using the svcs(1) command.