table of contents
| HPROP(8) | System Manager's Manual | HPROP(8) |
NAME¶
hprop — propagate
the KDC database
SYNOPSIS¶
hprop |
[-m
file | --master-key=file]
[-d file | --database=file]
[--source=heimdal|mit-dump]
[-r string | --v4-realm=string]
[-c cell | --cell=cell]
[-k keytab | --keytab=keytab]
[-R string | --v5-realm=string]
[-D | --decrypt]
[-E | --encrypt]
[-n | --stdout]
[-v | --verbose]
[--version]
[-h | --help]
[host[:port]] ... |
DESCRIPTION¶
hprop takes a principal database in a
specified format and converts it into a stream of Heimdal database records.
This stream can either be written to standard out, or (more commonly) be
propagated to a hpropd(8) server running on a different
machine.
If propagating, it connects to all hosts specified on the command by opening a TCP connection to port 754 (service hprop) and sends the database in encrypted form.
Supported options:
-mfile,--master-key=file- Where to find the master key to encrypt or decrypt keys with.
-dfile,--database=file- The database to be propagated.
--source=heimdal|mit-dump|krb4-dump|kaserver- Specifies the type of the source database. Alternatives include:
+.It Fl k Ar keytab , Fl Fl keytab= Ns Ar keytab The keytab to use for fetching the key to be used for authenticating to the propagation daemon(s). The key hprop/hostname is used from this keytab. The default is to fetch the key from the KDC database.
- heimdal
- a Heimdal database
- mit-dump
- a MIT Kerberos 5 dump file
-Rstring,--v5-realm=string- Local realm override.
-D,--decrypt- The encryption keys in the database can either be in clear, or encrypted with a master key. This option transmits the database with unencrypted keys.
-E,--encrypt- This option transmits the database with encrypted keys. This is the default if no option is supplied.
-n,--stdout- Dump the database on stdout, in a format that can be fed to hpropd.
EXAMPLES¶
The following will propagate a database to another machine (which should run hpropd(8)):
$ hprop slave-1 slave-2
SEE ALSO¶
| December 8, 2004 | HEIMDAL |