NAME

hprop - propagate the KDC database

SYNOPSIS

hprop key=file [-m file Xo --master-] --database=file [-d file Xo] [--source=heimdal|mit-dump|krb4-dump|kaserver] --v4-realm=string [-r string Xo] --cell=cell [-c cell Xo] [-S | --kaspecials] --keytab=keytab [-k keytab Xo] --v5-realm=string [-R string Xo] [-D | --decrypt] [-E | --encrypt] [-n | --stdout] [-v | --verbose] [--version] [-h | --help] [host[:port]] ...

DESCRIPTION

hprop takes a principal database in a specified format and converts it into a stream of Heimdal database records. This stream can either be written to standard out, or (more commonly) be propagated to a hpropd(8) server running on a different machine.

If propagating, it connects to all hosts specified on the command by opening a TCP connection to port 754 (service hprop) and sends the database in encrypted form.

Supported options:

Xo
-m file, --master-key=file Where to find the master key to encrypt or decrypt keys with.

Xo
-d file, --database=file The database to be propagated.

Xo
--source=heimdal|mit-dump|krb4-dump|kaserver Specifies the type of the source database. Alternatives include:

heimdal
a Heimdal database
mit-dump
a MIT Kerberos 5 dump file
krb4-dump
a Kerberos 4 dump file
kaserver
an AFS kaserver database

Xo
-k keytab, --keytab=keytab The keytab to use for fetching the key to be used for authenticating to the propagation daemon(s). The key kadmin/hprop is used from this keytab. The default is to fetch the key from the KDC database.

Xo
-R string, --v5-realm=string Local realm override.

Xo
-D, --decrypt The encryption keys in the database can either be in clear, or encrypted with a master key. This option transmits the database with unencrypted keys.

Xo
-E, --encrypt This option transmits the database with encrypted keys.

Xo
-n, --stdout Dump the database on stdout, in a format that can be fed to hpropd.

The following options are only valid if hprop is compiled with support for Kerberos 4 (kaserver).

Xo
-r string, --v4-realm=string v4 realm to use.

Xo
-c cell, --cell=cell The AFS cell name, used if reading a kaserver database.

Xo
-S, --kaspecials Also dump the principals marked as special in the kaserver database.

Xo
-K, --ka-db Deprecated, identical to `--source=kaserver'.

EXAMPLES

The following will propagate a database to another machine (which should run hpropd(8)):
$ hprop slave-1 slave-2

Convert a Kerberos 4 dump-file for use with a Heimdal KDC:

$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n

SEE ALSO

hpropd(8)