summaryrefslogtreecommitdiffstats
path: root/src/slave/kpropd.M
blob: 3228ed95326386ce0f4039c27fe03eb39b46a72b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
.\" slave/kpropd.M
.\"
.\" Copyright 1992 by the Massachusetts Institute of Technology.
.\"
.\" Export of this software from the United States of America may
.\"   require a specific license from the United States Government.
.\"   It is the responsibility of any person or organization contemplating
.\"   export to obtain such a license before exporting.
.\" 
.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
.\" distribute this software and its documentation for any purpose and
.\" without fee is hereby granted, provided that the above copyright
.\" notice appear in all copies and that both that copyright notice and
.\" this permission notice appear in supporting documentation, and that
.\" the name of M.I.T. not be used in advertising or publicity pertaining
.\" to distribution of the software without specific, written prior
.\" permission.  M.I.T. makes no representations about the suitability of
.\" this software for any purpose.  It is provided "as is" without express
.\" or implied warranty.
.\" 
.\"
.TH KPROPD 8
.SH NAME
kpropd \- Kerberos V5 slave KDC update server
.SH SYNOPSIS
.B kprop
[
.B \-r
.I realm
] [
.B \-f
.I slave_dumpfile
] [
.B \-F
.I principal_database
] [
.B \-p
.I kdb5_edit_prog
] [
.B \-d
] [
.B \-S
] [
.B \-P
.I port
]
.br
.SH DESCRIPTION
.I kpropd 
is the server which accepts connections from the 
.IR kprop (8)
program.  
.I kpropd 
accepts the dumped KDC database and places it in a file, and then runs 
.IR kdb5_edit (8)
to load the dumped database into the active database which is used by 
.IR krb5kdc (8).
Thus, the master Kerberos server can use 
.IR kprop (8)
to propagate its database to the slave slavers.  Upon a successful download 
of the KDC database file, the slave Kerberos server will have an
up-to-date KDC database. 
.PP
Normally, kpropd is invoked out of 
.I inetd(8).  
This is done by adding a line to the inetd.conf file which looks like
this:

kprop	stream	tcp	nowait	root	/krb5/bin/kpropd	kpropd

However, kpropd can also run as a standalone deamon, if the
.B \-S
option is turned on.  This is done for debugging purposes, or if for
some reason the system administrator just doesn't want to run it out of
.IR inetd (8).
.SH OPTIONS
.TP
\fB\-r\fP \fIrealm\fP
specifies the realm of the master server; by default the realm returned
by
.IR krb5_default_local_realm (3)
is used.
.TP
\fB\-f\fP \fIfile\fP
specifies the filename where the dumped principal database file is to be
stored; by default the dumped database file is KPROPD_DEFAULT_FILE
(normally /krb5/from_master).
.TP
.B \-p
allows the user to specify the pathname to the
.IR kdb5_edit (8)
program; by default the pathname used is KPROPD_DEFAULT_KDB5_EDIT
(normally /krb5/bin/kdb5_edit).
.TP
.B \-S
turn on standalone mode.  Normally, kpropd is invoked out of
.IR inetd (8)
so it expects a network connection to be passed to it from
.I inetd (8).
If the 
.B \-S 
option is specified, kpropd will put itself into the background, and
wait for connections to the KPROP_SERVICE port (normally krb5_prop).
.TP
.B \-d
turn on debug mode.  In this mode, if the
.B \-S 
option is selected, 
.I kpropd
will not detach itself from the current job and run in the background.
Instead, it will run in the foreground and print out debugging messages
during the database propagation.
.TP
.B \-P
allow for an alternate port number for
.I kpropd
to listen on. This is only useful if the program is run in standalone
mode.
.SH FILES
.TP "\w'kpropd.acl\ \ 'u"
kpropd.acl
Access file for
.BR kpropd .
Each entry is a line containing the principal of a host from which the
local machine will allow Kerberos database propagation via kprop.
.SH SEE ALSO
kprop(8), kdb5_edit(8), krb5kdc(8), inetd(8)