kprop(8krb)
Name
kprop − Kerberos utility
Syntax
/var/dss/kerberos/bin/kprop database slaves_file [ −force ] [ −safe | −clear ] [ −realm realm_name ]
Description
The kprop daemon runs on a Kerberos master and propagates the Kerberos database to the Kerberos slaves, where it is received by the waiting kpropd daemon.
The first parameter, database, is the name of the file from which data is extracted. This file is not the ndbm-formatted Kerberos database, /var/dss/kerberos/dbase/principal (see the ndbm(3) reference page for more information). Instead, database is a file created by the kdb_util slave_dump command. It is an ASCII representation of the Kerberos database (see the krb_dbase(5krb) reference page).
The second parameter that must be supplied is slaves_file, the name of the file on the Kerberos master that lists the Kerberos slaves to which kprop propagates the Kerberos master database. The slaves_file is created in krb_slaves(5krb) format.
kprop first determines whether the ASCII Kerberos database, database, was correctly dumped by kdb_util. It accomplishes this by determining if database is older than the database.dump_ok file created by kdb_util during the slave_dump operation. If it is older, the dump did not succeed or is not yet finished. If the dump did not complete successfully or has not yet completed, the master database is not transferred to any Kerberos slave.
Otherwise, kprop determines, for each slave server listed in the slaves_file, whether or not the database has changed since the last successful transfer to the slave. It determines this for slave server cactus by comparing the modification time of the /etc/cactus-last-prop file with the modification time of database. If the /etc/cactus-last-prop file is newer, then the database, database, need not be transferred to cactus.
Finally, kprop propagates the database to those servers which need a new copy of the database and updates the modification time of the /etc/server-last-prop file for these slave servers.
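The freshness checks described above can be rehearsed without sending anything. The following dry-run planner is an added example, not code from kprop or the original page: the function names, the marker_dir parameter, the one-host-per-line slaves file, and the treatment of a missing last-prop file are assumptions, and it reads the dump check as requiring database.dump_ok to be no older than database.

```python
import os
import tempfile


def mtime(path):
    """Modification time of path, or None when the file is missing."""
    return os.stat(path).st_mtime if os.path.exists(path) else None


def read_slaves(slaves_file):
    # ASSUMPTION: one slave host name per line; krb_slaves(5krb) defines the
    # real layout, which this page does not reproduce.
    with open(slaves_file) as fh:
        return [ln.strip() for ln in fh if ln.strip()]


def plan_propagation(database, slaves_file, marker_dir="/etc", force=False):
    """Return (dump_complete, hosts_to_send, hosts_to_skip); sends nothing."""
    db, ok = mtime(database), mtime(database + ".dump_ok")
    # ASSUMPTION (reading of the page): dump_ok must exist and not be older.
    if db is None or ok is None or ok < db:
        return False, [], []
    send, skip = [], []
    for host in read_slaves(slaves_file):
        marker = mtime(os.path.join(marker_dir, host + "-last-prop"))
        # Skip only when the marker is newer than the dump and force is off.
        # ASSUMPTION: a missing marker means the slave never received a copy.
        if not force and marker is not None and marker > db:
            skip.append(host)
        else:
            send.append(host)
    return True, send, skip


def demo(force=False, dump_finished=True):
    """Constructed sample: cactus is up to date, yucca is stale."""
    with tempfile.TemporaryDirectory() as d:
        def touch(name, when, text=""):
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.utime(path, (when, when))
            return path
        db = touch("slave_dump", 2000)
        if dump_finished:
            touch("slave_dump.dump_ok", 2001)
        slaves = touch("slaves", 1000, "cactus\nyucca\n")
        touch("cactus-last-prop", 3000)
        touch("yucca-last-prop", 1500)
        return plan_propagation(db, slaves, marker_dir=d, force=force)
```

Calling demo() returns the plan for the constructed files; on a real master, pass the slave_dump file and slaves_file to plan_propagation() directly.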
Options
−safe Specifies that the data sent over the network is guaranteed to be authenticated at the destination and protected against modifications in transit. That is, kprop and kpropd, which are Kerberos principals, become Kerberos-authenticated to each other and send messages formatted by krb_mk_safe. For more information about krb_mk_safe, refer to the on-line reference page, kerberos(3krb).
−clear Specifies that all data should be sent in cleartext (unencrypted). This switch is useful when first setting up the Kerberos environment.
−realm Specifies the realm name that you are in. If this option is not used, the realm_name is given in the /etc/krb.conf file. (See the krb.conf(5krb) reference page for more information.)
−force Forces kprop on the Kerberos master to propagate the Kerberos database to the Kerberos slaves, even if there are no recent changes to the database. Without the −force flag, the Kerberos database is not propagated if the database file has not changed since the last successful transfer.
Restrictions
kprop does not support the transfer of encrypted data.
Files
/usr/var/dss/kerberos/dbase/principal.dir
/usr/var/dss/kerberos/dbase/principal.pag
/usr/var/dss/kerberos/dbase/principal.ok
/etc/krb.conf
See Also
kpropd(8krb), krb.conf(5krb), kdb_util(8krb), krb_slaves(5krb), krb_dbase(8krb)