This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

For more information about the manual page format, see the manual page for manpages(5).

KPROPD(8)                                                                                          KPROPD(8)



NAME
       kpropd - Kerberos V5 slave KDC update server

SYNOPSIS
       kpropd [ -r realm ] [ -f slave_dumpfile ] [ -F principal_database ] [ -p kdb5_util_prog ] [ -d ] [ -S
       ] [ -P port ]

DESCRIPTION
       kpropd is the server which accepts connections from the kprop(8) program.  kpropd accepts the  dumped
       KDC database and places it in a file, and then runs kdb5_util(8) to load the dumped database into the
       active database which is used by krb5kdc(8).  Thus, the master Kerberos server can  use  kprop(8)  to
       propagate  its  database  to the slave slavers.  Upon a successful download of the KDC database file,
       the slave Kerberos server will have an up-to-date KDC database.

       Normally, kpropd is invoked out of inetd(8).  This is done by adding a line to  the  inetd.conf  file
       which looks like this:

       kprop     stream    tcp  nowait    root /usr/sbin/kpropd    kpropd

       However, kpropd can also run as a standalone deamon, if the -S option is turned on.  This is done for
       debugging purposes, or if for some reason the system administrator just doesn't want to run it out of
       inetd(8).

OPTIONS
       -r realm
              specifies   the   realm   of   the   master   server;   by   default  the  realm  returned  by
              krb5_default_local_realm(3) is used.

       -f file
              specifies the filename where the dumped principal database file is to be  stored;  by  default
              the dumped database file is KPROPD_DEFAULT_FILE (normally /var/db/krb5kdc/from_master).

       -p     allows  the  user to specify the pathname to the kdb5_util(8) program; by default the pathname
              used is KPROPD_DEFAULT_KDB5_UTIL (normally /usr/sbin/kdb5_util).

       -S     turn on standalone mode.  Normally, kpropd is invoked out of inetd(8) so it expects a  network
              connection  to be passed to it from inetd (8).  If the -S option is specified, kpropd will put
              itself into the background, and wait for  connections  to  the  KPROP_SERVICE  port  (normally
              krb5_prop).

       -d     turn on debug mode.  In this mode, if the -S option is selected, kpropd will not detach itself
              from the current job and run in the background.  Instead, it will run in  the  foreground  and
              print out debugging messages during the database propagation.

       -P     allow for an alternate port number for kpropd to listen on. This is only useful if the program
              is run in standalone mode.

       -a     allows the user to specify the path to the file; by default the path used  is  KPROPD_ACL_FILE
              (normally /var/db/krb5kdc/kpropd.acl).

FILES
       kpropd.acl  Access   file   for   kpropd;   the   default   location   is  KPROPD_ACL_FILE  (normally
                   /var/db/krb5kdc/kpropd.acl).  Each entry is a line containing the  principal  of  a  host
                   from which the local machine will allow Kerberos database propagation via kprop.

SEE ALSO
       kprop(8), kdb5_util(8), krb5kdc(8), inetd(8)



                                                                                                   KPROPD(8)