Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎


     kpropd - Kerberos propagation daemon for slave KDCs

     /usr/lib/krb5/kpropd [-d] [-f temp_dbfile] [-F dbfile]
         [-p kdb_util] [-P port_number] [-r realm]
         [-s srv_tabfile] [-S] [-a acl_file]

     The kpropd command runs on the slave KDC server. It  listens
     for  update  requests  made by kprop(1M) from the master KDC
     and periodically requests incremental updates from the  mas-
     ter KDC.

     When the slave receives a kprop  request  from  the  master,
     kpropd copies principal data to a temporary text file. Next,
     kpropd invokes kdb5_util(1M) (unless  a  different  database
     utility  is selected) to load the text file in database for-

     When the slave periodically  requests  incremental  updates,
     kpropd  update its principal.ulog file with any updates from
     the master. kproplog(1M) can be used to view  a  summary  of
     the update entry log on the slave KDC.

     kpropd is not configured for incremental  database  propaga-
     tion  by  default.  These  settings  can  be  changed in the
     kdc.conf(4) file:

     sunw_dbprop_enable = [true | false]

         Enables or disables  incremental  database  propagation.
         Default is false.

     sunw_dbprop_slave_poll = N[s, m, h]

         Specifies how often the slave KDC polls for any  updates
         that the master might have. Default is 2m (two minutes).

     The kiprop/<hostname>@<REALM> principal must  exist  in  the
     slave's  keytab  file  to  enable the master to authenticate
     incremental propagation requests from  the  slave.  In  this
     syntax,  <hostname> is the slave KDC's host name and <REALM>
     is the realm in which the slave KDC resides.

     The following options are supported:


         Enable debug mode. Default is debug mode disabled.

     -f temp_dbfile

         The location of the slave's temporary principal database
         file. Default is /var/krb5/from_master.

     -F dbfile

         The location of the  slave's  principal  database  file.
         Default is /var/krb5/principal.

     -p kdb_util

         The location of the Kerberos database utility  used  for
         loading      principal     databases.     Default     is

     -P port_number

         Specifies the port number on which kpropd  will  listen.
         Default is 754 (service name: krb5_prop).

     -r realm

         Specifies from which Kerberos realm kpropd will  receive
         information.      Default      is      specified      in

     -s srv_tabfile

         The location of the service table file used to authenti-
         cate the kpropd daemon.


         Run the daemon in standalone  mode,  instead  of  having
         inetd  listen  for  requests.  Default is non-standalone

     -a acl_file

         The location of the kpropd's access control list to ver-
         ify  if  this server can run the kpropd daemon. The file
         contains a  list  of  principal  name(s)  that  will  be
         receiving updates. Default is /etc/krb5/kpropd.acl.


         Kerberos principal database.


         The update log file.


         KDC configuration information.


         List of principals of all  the  KDCs;  resides  on  each
         slave KDC.


         Temporary file used by kpropd before loading this to the
         principal database.

     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWkdcu                    |
    | Interface Stability         | Evolving                    |

     kdb5_util(1M),   kprop(1M),    kproplog(1M),    kdc.conf(4),
     krb5.conf(4), attributes(5), kerberos(5)

Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.