NAME
hprop
- propagate the KDC database
SYNOPSIS
hprop
key=
file
[-m file Xo --master-]
--database=
file
[-d file Xo]
[--source=heimdal|mit-dump|krb4-dump|kaserver]
--v4-realm=string
[-r string Xo]
--cell=cell
[-c cell Xo]
[-S | --kaspecials]
--keytab=keytab
[-k keytab Xo]
--v5-realm=string
[-R string Xo]
[-D | --decrypt]
[-E | --encrypt]
[-n | --stdout]
[-v | --verbose]
[--version]
[-h | --help]
[host[:port]]
...
DESCRIPTION
hprop
takes a principal database in a specified format and converts it into
a stream of Heimdal database records. This stream can either be
written to standard out, or (more commonly) be propagated to a
hpropd(8)
server running on a different machine.
If propagating, it connects to all
hosts
specified on the command by opening a TCP connection to port 754
(service hprop) and sends the database in encrypted form.
Supported options:
- Xo
-
-m file,
--master-key=
file
Where to find the master key to encrypt or decrypt keys with.
- Xo
-
-d file,
--database=
file
The database to be propagated.
- Xo
-
--source=heimdal|mit-dump|krb4-dump|kaserver
Specifies the type of the source database. Alternatives include:
- heimdal
-
a Heimdal database
- mit-dump
-
a MIT Kerberos 5 dump file
- krb4-dump
-
a Kerberos 4 dump file
- kaserver
-
an AFS kaserver database
- Xo
-
-k keytab,
--keytab=keytab
The keytab to use for fetching the key to be used for authenticating
to the propagation daemon(s). The key
kadmin/hprop
is used from this keytab. The default is to fetch the key from the
KDC database.
- Xo
-
-R string,
--v5-realm=string
Local realm override.
- Xo
-
-D,
--decrypt
The encryption keys in the database can either be in clear, or
encrypted with a master key. This option transmits the database with
unencrypted keys.
- Xo
-
-E,
--encrypt
This option transmits the database with encrypted keys.
- Xo
-
-n,
--stdout
Dump the database on stdout, in a format that can be fed to hpropd.
The following options are only valid if
hprop
is compiled with support for Kerberos 4 (kaserver).
- Xo
-
-r string,
--v4-realm=string
v4 realm to use.
- Xo
-
-c cell,
--cell=cell
The AFS cell name, used if reading a kaserver database.
- Xo
-
-S,
--kaspecials
Also dump the principals marked as special in the kaserver database.
- Xo
-
-K,
--ka-db
Deprecated, identical to
`--source=kaserver'.
EXAMPLES
The following will propagate a database to another machine (which
should run
hpropd(8)):
-
$ hprop slave-1 slave-2
Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
-
$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n
SEE ALSO
hpropd(8)