Home Explore Help
Register Sign In
client_service
/
voice-gateway
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ae246bcdcf
Branches Tags
voice-gateway
/
miniconda3
/
pkgs
/
krb5-1.20.1-h143b758_1
/
share
/
man
/
man8
/
kpropd.8

kpropd.8 6.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171 
  1. .\" Man page generated from reStructuredText.
    2. 

  2. .
    3. 

  3. .TH "KPROPD" "8" " " "1.20.1" "MIT Kerberos"
    4. 

  4. .SH NAME
    5. 

  5. kpropd \- Kerberos V5 replica KDC update server
    6. 

  6. .
    7. 

  7. .nr rst2man-indent-level 0
    8. 

  8. .
    9. 

  9. .de1 rstReportMargin
    10. 

  10. \\$1 \\n[an-margin]
    11. 

  11. level \\n[rst2man-indent-level]
    12. 

  12. level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
    13. 

  13. -
    14. 

  14. \\n[rst2man-indent0]
    15. 

  15. \\n[rst2man-indent1]
    16. 

  16. \\n[rst2man-indent2]
    17. 

  17. ..
    18. 

  18. .de1 INDENT
    19. 

  19. .\" .rstReportMargin pre:
    20. 

  20. . RS \\$1
    21. 

  21. . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
    22. 

  22. . nr rst2man-indent-level +1
    23. 

  23. .\" .rstReportMargin post:
    24. 

  24. ..
    25. 

  25. .de UNINDENT
    26. 

  26. . RE
    27. 

  27. .\" indent \\n[an-margin]
    28. 

  28. .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
    29. 

  29. .nr rst2man-indent-level -1
    30. 

  30. .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
    31. 

  31. .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
    32. 

  32. ..
    33. 

  33. .SH SYNOPSIS
    34. 

  34. .sp
    35. 

  35. \fBkpropd\fP
    36. 

  36. [\fB\-r\fP \fIrealm\fP]
    37. 

  37. [\fB\-A\fP \fIadmin_server\fP]
    38. 

  38. [\fB\-a\fP \fIacl_file\fP]
    39. 

  39. [\fB\-f\fP \fIreplica_dumpfile\fP]
    40. 

  40. [\fB\-F\fP \fIprincipal_database\fP]
    41. 

  41. [\fB\-p\fP \fIkdb5_util_prog\fP]
    42. 

  42. [\fB\-P\fP \fIport\fP]
    43. 

  43. [\fB\-\-pid\-file\fP=\fIpid_file\fP]
    44. 

  44. [\fB\-D\fP]
    45. 

  45. [\fB\-d\fP]
    46. 

  46. [\fB\-s\fP \fIkeytab_file\fP]
    47. 

  47. .SH DESCRIPTION
    48. 

  48. .sp
    49. 

  49. The \fIkpropd\fP command runs on the replica KDC server.  It listens for
    50. 

  50. update requests made by the kprop(8) program.  If incremental
    51. 

  51. propagation is enabled, it periodically requests incremental updates
    52. 

  52. from the primary KDC.
    53. 

  53. .sp
    54. 

  54. When the replica receives a kprop request from the primary, kpropd
    55. 

  55. accepts the dumped KDC database and places it in a file, and then runs
    56. 

  56. kdb5_util(8) to load the dumped database into the active
    57. 

  57. database which is used by krb5kdc(8)\&.  This allows the primary
    58. 

  58. Kerberos server to use kprop(8) to propagate its database to
    59. 

  59. the replica servers.  Upon a successful download of the KDC database
    60. 

  60. file, the replica Kerberos server will have an up\-to\-date KDC
    61. 

  61. database.
    62. 

  62. .sp
    63. 

  63. Where incremental propagation is not used, kpropd is commonly invoked
    64. 

  64. out of inetd(8) as a nowait service.  This is done by adding a line to
    65. 

  65. the \fB/etc/inetd.conf\fP file which looks like this:
    66. 

  66. .INDENT 0.0
    67. 

  67. .INDENT 3.5
    68. 

  68. .sp
    69. 

  69. .nf
    70. 

  70. .ft C
    71. 

  71. kprop  stream  tcp  nowait  root  /usr/local/sbin/kpropd  kpropd
    72. 

  72. .ft P
    73. 

  73. .fi
    74. 

  74. .UNINDENT
    75. 

  75. .UNINDENT
    76. 

  76. .sp
    77. 

  77. kpropd can also run as a standalone daemon, backgrounding itself and
    78. 

  78. waiting for connections on port 754 (or the port specified with the
    79. 

  79. \fB\-P\fP option if given).  Standalone mode is required for incremental
    80. 

  80. propagation.  Starting in release 1.11, kpropd automatically detects
    81. 

  81. whether it was run from inetd and runs in standalone mode if it is
    82. 

  82. not.  Prior to release 1.11, the \fB\-S\fP option is required to run
    83. 

  83. kpropd in standalone mode; this option is now accepted for backward
    84. 

  84. compatibility but does nothing.
    85. 

  85. .sp
    86. 

  86. Incremental propagation may be enabled with the \fBiprop_enable\fP
    87. 

  87. variable in kdc.conf(5)\&.  If incremental propagation is
    88. 

  88. enabled, the replica periodically polls the primary KDC for updates, at
    89. 

  89. an interval determined by the \fBiprop_replica_poll\fP variable.  If the
    90. 

  90. replica receives updates, kpropd updates its log file with any updates
    91. 

  91. from the primary.  kproplog(8) can be used to view a summary of
    92. 

  92. the update entry log on the replica KDC.  If incremental propagation
    93. 

  93. is enabled, the principal \fBkiprop/replicahostname@REALM\fP (where
    94. 

  94. \fIreplicahostname\fP is the name of the replica KDC host, and \fIREALM\fP is
    95. 

  95. the name of the Kerberos realm) must be present in the replica\(aqs
    96. 

  96. keytab file.
    97. 

  97. .sp
    98. 

  98. kproplog(8) can be used to force full replication when iprop is
    99. 

  99. enabled.
    100. 

  100. .SH OPTIONS
    101. 

  101. .INDENT 0.0
    102. 

  102. .TP
    103. 

  103. \fB\-r\fP \fIrealm\fP
    104. 

  104. Specifies the realm of the primary server.
    105. 

  105. .TP
    106. 

  106. \fB\-A\fP \fIadmin_server\fP
    107. 

  107. Specifies the server to be contacted for incremental updates; by
    108. 

  108. default, the primary admin server is contacted.
    109. 

  109. .TP
    110. 

  110. \fB\-f\fP \fIfile\fP
    111. 

  111. Specifies the filename where the dumped principal database file is
    112. 

  112. to be stored; by default the dumped database file is \fB/croot/krb5_1686930994487/_h_env_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_pl/var\fP\fB/krb5kdc\fP\fB/from_master\fP\&.
    113. 

  113. .TP
    114. 

  114. \fB\-F\fP \fIkerberos_db\fP
    115. 

  115. Path to the Kerberos database file, if not the default.
    116. 

  116. .TP
    117. 

  117. \fB\-p\fP
    118. 

  118. Allows the user to specify the pathname to the kdb5_util(8)
    119. 

  119. program; by default the pathname used is \fB/croot/krb5_1686930994487/_h_env_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_pl/sbin\fP\fB/kdb5_util\fP\&.
    120. 

  120. .TP
    121. 

  121. \fB\-D\fP
    122. 

  122. In this mode, kpropd will not detach itself from the current job
    123. 

  123. and run in the background.  Instead, it will run in the
    124. 

  124. foreground.
    125. 

  125. .TP
    126. 

  126. \fB\-d\fP
    127. 

  127. Turn on debug mode.  kpropd will print out debugging messages
    128. 

  128. during the database propogation and will run in the foreground
    129. 

  129. (implies \fB\-D\fP).
    130. 

  130. .TP
    131. 

  131. \fB\-P\fP
    132. 

  132. Allow for an alternate port number for kpropd to listen on.  This
    133. 

  133. is only useful in combination with the \fB\-S\fP option.
    134. 

  134. .TP
    135. 

  135. \fB\-a\fP \fIacl_file\fP
    136. 

  136. Allows the user to specify the path to the kpropd.acl file; by
    137. 

  137. default the path used is \fB/croot/krb5_1686930994487/_h_env_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_placehold_pl/var\fP\fB/krb5kdc\fP\fB/kpropd.acl\fP\&.
    138. 

  138. .TP
    139. 

  139. \fB\-\-pid\-file\fP=\fIpid_file\fP
    140. 

  140. In standalone mode, write the process ID of the daemon into
    141. 

  141. \fIpid_file\fP\&.
    142. 

  142. .TP
    143. 

  143. \fB\-s\fP \fIkeytab_file\fP
    144. 

  144. Path to a keytab to use for acquiring acceptor credentials.
    145. 

  145. .TP
    146. 

  146. \fB\-x\fP \fIdb_args\fP
    147. 

  147. Database\-specific arguments.  See Database Options in kadmin(1) for supported arguments.
    148. 

  148. .UNINDENT
    149. 

  149. .SH FILES
    150. 

  150. .INDENT 0.0
    151. 

  151. .TP
    152. 

  152. .B kpropd.acl
    153. 

  153. Access file for kpropd; the default location is
    154. 

  154. \fB/usr/local/var/krb5kdc/kpropd.acl\fP\&.  Each entry is a line
    155. 

  155. containing the principal of a host from which the local machine
    156. 

  156. will allow Kerberos database propagation via kprop(8)\&.
    157. 

  157. .UNINDENT
    158. 

  158. .SH ENVIRONMENT
    159. 

  159. .sp
    160. 

  160. See kerberos(7) for a description of Kerberos environment
    161. 

  161. variables.
    162. 

  162. .SH SEE ALSO
    163. 

  163. .sp
    164. 

  164. kprop(8), kdb5_util(8), krb5kdc(8),
    165. 

  165. kerberos(7), inetd(8)
    166. 

  166. .SH AUTHOR
    167. 

  167. MIT
    168. 

  168. .SH COPYRIGHT
    169. 

  169. 1985-2022, MIT
    170. 

  170. .\" Generated by docutils manpage writer.
    171. 

  171. .
    172.