command runs on the slave KDC server. It listens for update requests
made by the
program, and periodically requests incremental updates from the
When the slave receives a kprop request from the master,
accepts the dumped KDC database and places it in a file, and then runs
to load the dumped database into the active database which is used by
Thus, the master Kerberos server can use
to propagate its database to the slave slavers. Upon a successful download
of the KDC database file, the slave Kerberos server will have an
up-to-date KDC database.
Normally, kpropd is invoked out of
This is done by adding a line to the inetd.conf file which looks like
However, kpropd can also run as a standalone daemon, if the
option is turned on. This is done for debugging purposes, or if for
some reason the system administrator just doesn't want to run it out of
When the slave periodically requests incremental updates,
file with any updates from the master.
can be used to view a summary of the update entry log on the slave
KDC. Incremental propagation is not enabled by default; it can be
enabled using the
The principal "kiprop/slavehostname@REALM" (where "slavehostname" is
the name of the slave KDC host, and "REALM" is the name of the
Kerberos realm) must be present in the slave's keytab file.
specifies the filename where the dumped principal database file is to be
stored; by default the dumped database file is KPROPD_DEFAULT_FILE
allows the user to specify the pathname to the
program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
turn on standalone mode. Normally, kpropd is invoked out of
so it expects a network connection to be passed to it from
option is specified, kpropd will put itself into the background, and
wait for connections to the KPROP_SERVICE port (normally krb5_prop).
turn on debug mode. In this mode, if the
option is selected,
will not detach itself from the current job and run in the background.
Instead, it will run in the foreground and print out debugging messages
during the database propagation.
allow for an alternate port number for
to listen on. This is only useful if the program is run in standalone
allows the user to specify the path to the
file; by default the path used is KPROPD_ACL_FILE
Access file for
the default location is KPROPD_ACL_FILE (normally
Each entry is a line containing the principal of a host from which the
local machine will allow Kerberos database propagation via kprop.