.\" or implied warranty.
.\"
.\"
-.TH KPROP 8 "Kerberos Version 5.0" "MIT Project Athena"
+.so man1/header.doc
+.TH KPROP 8 \*h
.SH NAME
kprop \- propagate a Kerberos V5 principal database to a slave server
.SH SYNOPSIS
.B kprop
-[
-.B \-r
-.I realm
-] [
-.B \-f
-.I file
-] [
-.B \-d
-] [
-.B \-P
-.I port
-] [
-] [
-.B \-s
-.I srvtab
-]
+[\fB\-r\fP \fIrealm\fP] [\fB\-f\fP \fIfile\fP] [\fB\-d\fP] [\fB\-P\fP
+\fIport\fP] [\fB\-s\fP \fIkeytab\fP]
.I slave_host
.br
.SH DESCRIPTION
.I kprop
-is used to propagate a Kerberos V5 database dump file from the
-master Kerberos server to a slave Kerberos server, which is specfieid
-by
-.I slave_host.
+is used to propagate a Kerberos V5 database dump file from the master
+Kerberos server to a slave Kerberos server, which is specfied by
+.IR slave_host .
This is done by transmitting the dumped database file to the slave
-server over an encrypted, secure channel. The dump file must be
-created by kdb5_edit, and is normally KPROP_DEFAULT_FILE
-(/krb5/slave_datatrans). The location of the file can be overriden by
-the -f option.
-
-.PP
-The
-.B \-r
-.I realm
-option specifies the realm of the master server;
-by default the realm returned by
+server over an encrypted, secure channel. The dump file must be created
+by kdb5_edit, and is normally KPROP_DEFAULT_FILE
+(/krb5/slave_datatrans).
+.SH OPTIONS
+.TP
+\fB\-r\fP \fIrealm\fP
+specifies the realm of the master server; by default the realm returned
+by
.IR krb5_default_local_realm (3)
is used.
-.PP
-The
-.B \-f
-.I file
-option the filename where the dumped principal database file is to be
+.TP
+\fB\-f\fP \fIfile\fP
+specifies the filename where the dumped principal database file is to be
found; by default the dumped database file is KPROP_DEFAULT_FILE
(normally /krb5/slave_datatrans).
-.PP
-The
-.B \-P
-.I port
-option allows one to override the default port to contact the
+.TP
+\fB\-P\fP \fIport\fP
+specifies the port to use to contact the
.I kpropd
server on the remote host.
+.TP
+.B \-d
+prints debugging information.
+.TP
+\fB\-s\fP \fIkeytab\fP
+specifies the location of the keytab file.
.SH SEE ALSO
kpropd(8), kdb5_edit(8), krb5kdc(8)
.\" or implied warranty.
.\"
.\"
-.TH KPROPD 8 "Kerberos Version 5.0" "MIT Project Athena"
+.so man1/header.doc
+.TH KPROPD 8 \*h
.SH NAME
kpropd \- Kerberos V5 slave KDC update server
.SH SYNOPSIS
.PP
Normally, kpropd is invoked out of
.I inetd(8).
-This is done by adding a
-line to the inetd.conf file which looks like this:
+This is done by adding a line to the inetd.conf file which looks like
+this:
kprop stream tcp nowait root /krb5/bin/kpropd kpropd
-However, kpropd can also run as a standalone deamon, if the
-.B \-S
-option is
-turned on. This is done for debugging purposes, or if for some reason
-the system administrator just doesn't want to run it out of
-.I inetd(8).
-.PP
-The
-.B \-r
-.I realm
-option specifies the realm of the master server; by default the realm
-returned by
+However, kpropd can also run as a standalone deamon, if the
+.B \-S
+option is turned on. This is done for debugging purposes, or if for
+some reason the system administrator just doesn't want to run it out of
+.IR inetd (8).
+.SH OPTIONS
+.TP
+\fB\-r\fP \fIrealm\fP
+specifies the realm of the master server; by default the realm returned
+by
.IR krb5_default_local_realm (3)
is used.
-.PP
-The
-.B \-f
-.I file
-option specifies the filename where the dumped principal database file
-is to be stored; by default the dumped database file is KPROPD_DEFAULT_FILE
+.TP
+\fB\-f\fP \fIfile\fP
+specifies the filename where the dumped principal database file is to be
+stored; by default the dumped database file is KPROPD_DEFAULT_FILE
(normally /krb5/from_master).
-.PP
-The
+.TP
.B \-p
-option allows the user to specify the pathname to the
+allows the user to specify the pathname to the
.IR kdb5_edit (8)
program; by default the pathname used is KPROPD_DEFAULT_KDB5_EDIT
(normally /krb5/bin/kdb5_edit).
-.PP
-The
+.TP
.B \-S
-option turns on standalone mode. Normally, kpropd is invoked out of
+turn on standalone mode. Normally, kpropd is invoked out of
.IR inetd (8)
-and so it expects a network connection to be passed to it from
+so it expects a network connection to be passed to it from
.I inetd (8).
If the
.B \-S
option is specified, kpropd will put itself into the background, and
wait for connections to the KPROP_SERVICE port (normally krb5_prop).
-.PP
-The
+.TP
.B \-d
-option turns on debug mode. In this mode, if the
+turn on debug mode. In this mode, if the
.B \-S
option is selected,
.I kpropd
will not detach itself from the current job and run in the background.
-Instead, it will run in the foreground and print out debugging
-messages during the database propagation.
-.PP
-The
+Instead, it will run in the foreground and print out debugging messages
+during the database propagation.
+.TP
.B \-P
-option allows for an alternate port number for
+allow for an alternate port number for
.I kpropd
to listen on. This is only useful if the program is run in standalone
-mode.
+mode.
+.SH FILES
+.TP "\w'kpropd.acl\ \ 'u"
+kpropd.acl
+Access file for
+.BR kpropd .
+Each entry is a line containing the principal of a host from which the
+local machine will allow Kerberos database propagation via kprop.
.SH SEE ALSO
kprop(8), kdb5_edit(8), krb5kdc(8), inetd(8)
-
projects / krb5.git / commitdiff