8980 BIOS clock is sometimes one hour fast

[unleashed.git] / usr / src / man / man1m / kprop.1m

'\" te
.\" Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology.  For copying and distribution information,  please see the file kerberosv5/mit-sipb-copyright.h.
.\" Portions Copyright (c) 2006, Sun Microsystems, Inc. All Rights Reserved.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH KPROP 1M "Oct 29, 2015"
.SH NAME
kprop \- Kerberos database propagation program
.SH SYNOPSIS
.LP
.nf
\fB/usr/lib/krb5/kprop\fR [\fB-d\fR] [\fB-f\fR \fIfile\fR] [\fB-p\fR \fIport-number\fR]
     [\fB-r\fR \fIrealm\fR] [\fB-s\fR \fIkeytab\fR] [\fIhost\fR]
.fi

.SH DESCRIPTION
.sp
.LP
\fBkprop\fR is a command-line utility used for propagating a Kerberos database
from a master \fBKDC\fR to a slave \fBKDC\fR. This command must be run on the
master \fBKDC\fR. See the \fISolaris System Administration Guide, Vol. 6\fR on
how to set up periodic propagation between the master \fBKDC\fR and slave
\fBKDC\fRs.
.sp
.LP
To propagate a Kerberos database, the following conditions must be met:
.RS +4
.TP
.ie t \(bu
.el o
The slave \fBKDC\fRs must have an \fB/etc/krb5/kpropd.acl\fR file that contains
the principals for the master \fBKDC\fR and all the slave \fBKDC\fRs.
.RE
.RS +4
.TP
.ie t \(bu
.el o
A keytab containing a host principal entry must exist on each slave \fBKDC\fR.
.RE
.RS +4
.TP
.ie t \(bu
.el o
The database to be propagated must be dumped to a file using
\fBkdb5_util\fR(1M).
.RE
.SH OPTIONS
.sp
.LP
The following options are supported:
.sp
.ne 2
.na
\fB\fB-d\fR\fR
.ad
.RS 18n
Enable debug mode. Default is debug mode disabled.
.RE

.sp
.ne 2
.na
\fB\fB-f\fR \fIfile\fR\fR
.ad
.RS 18n
File to be sent to the slave \fBKDC\fR. Default is the
\fB/var/krb5/slave_datatrans\fR file.
.RE

.sp
.ne 2
.na
\fB\fB-p\fR \fIport-number\fR\fR
.ad
.RS 18n
Propagate \fIport-number\fR. Default is port \fB754\fR.
.RE

.sp
.ne 2
.na
\fB\fB-r\fR \fIrealm\fR\fR
.ad
.RS 18n
Realm where propagation will occur. Default \fIrealm\fR is the local realm.
.RE

.sp
.ne 2
.na
\fB\fB-s\fR \fIkeytab\fR\fR
.ad
.RS 18n
Location of the keytab. Default location is \fB/etc/krb5/krb5.keytab\fR.
.RE

.SH OPERANDS
.sp
.LP
The following operands are supported:
.sp
.ne 2
.na
\fB\fIhost\fR\fR
.ad
.RS 8n
Name of the slave \fBKDC\fR.
.RE

.SH EXAMPLES
.LP
\fBExample 1 \fRPropagating the Kerberos Database
.sp
.LP
The following example propagates the Kerberos database from the
\fB/tmp/slave_data\fR file to the slave \fBKDC\fR \fBlondon\fR. The machine
\fBlondon\fR must have a host principal keytab entry and the \fBkpropd.acl\fR
file must contain an entry for the all the \fBKDC\fRs.

.sp
.in +2
.nf
# kprop -f /tmp/slave_data london
.fi
.in -2
.sp

.SH FILES
.sp
.ne 2
.na
\fB\fB/etc/krb5/kpropd.acl\fR\fR
.ad
.RS 29n
List of principals of all the KDCs; resides on each slave KDC.
.RE

.sp
.ne 2
.na
\fB\fB/etc/krb5/krb5.keytab\fR\fR
.ad
.RS 29n
Keytab for Kerberos clients.
.RE

.sp
.ne 2
.na
\fB\fB/var/krb5/slave_datatrans\fR\fR
.ad
.RS 29n
Kerberos database propagated to the KDC slaves.
.RE

.SH SEE ALSO
.sp
.LP
\fBkpasswd\fR(1), \fBsvcs\fR(1), \fBinetadm\fR(1M),
\fBinetd\fR(1M), \fBkadmind\fR(1M), \fBkadmin.local\fR(1M),
\fBkdb5_util\fR(1M), \fBsvcadm\fR(1M), \fBkadm5.acl\fR(4), \fBkdc.conf\fR(4),
\fBattributes\fR(5), \fBkerberos\fR(5), \fBsmf\fR(5)
.sp
.LP
\fI\fR