man pages from jason@logical.thought.net

1 files changed, 108 insertions, 0 deletions

diff --git a/kerberosIV/kprop/kprop.8 b/kerberosIV/kprop/kprop.8
new file mode 100644
index 00000000000..4e00ddf4373
--- /dev/null
+++ b/kerberosIV/kprop/kprop.8
@@ -0,0 +1,108 @@
+.\"
+.\"
+.\"
+.TH KPROP 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kprop \- network utility for Kerberos database propagation
+.SH SYNOPSIS
+.B kadmin database slaves_file [-force] [-safe | -clear] [-realm realm]
+.SH DESCRIPTION
+The
+.I kprop
+daemon runs on a Kerberos master and propagates the Kerberos
+database to the Kerberos slaves, where it is received by the waiting kpropd
+daemon.
+
+The first parameter, 
+.IR database ,
+is the name of the file out of which data is
+extracted.  This file is not the db-formatted Kerberos database,
+.IR /etc/kerberosIV/principal.db .
+See the
+.I db(3)
+reference page for more
+information.  The database is a file created by the
+.B kdb_util slave dump
+command.  It is an ASCII representation of the Kerberos database.
+
+The second parameter that must be supplied is 
+.IR slaves_file ,
+the name of the
+file on the Kerberos master that lists the Kerberos slaves to which kprop
+propagates the Kerberos master database.  The slaves file contains one
+line for each host running a secondary server consisting on just the hostname
+of the machine.
+
+The Kerberos utility first determines whether the ASCII Kerberos database,
+database, was correctly dumped by
+.BR kdb_util .
+It accomplishes this by
+determining if database is older than the
+.B database.dump.ok
+file created by
+.I kdb_util
+during the slave dump operation.  If it is older, the dump did not
+succeed or is not yet finished.  If the dump did not complete successfully
+or has not yet completed, the master database is not transferred to any
+Kerberos slave.  Otherwise,
+.I kprop
+determines, for each slave server listed
+in the slaves file, whether or not the database has changed since the last
+successful transfer to the slave.  It determines this for slave server
+.I cactus
+by comparing the modification time of the
+.I cactus-last-prop
+file, which is stored in the same directory as the slaves file,
+with the modification time of database. If the
+.I /etc/cactus-last-prop
+file
+is newer, then the database, need not be transferred to
+.IR cactus .
+Finally,
+.I kprop
+propagates the database to those servers which need a new
+copy of the database and updates the modification time of the
+.I /etc/server-last-prop
+file for these slave servers.
+.PP
+If the
+.B \-safe
+option is specified, the data sent over the network is guaranteed to be
+authenticated at the destination and protected against modifications
+in transit.  That is, kprop and kpropd, which are Kerberos princi-
+pals, become Kerberos-authenticated to each other and send messages
+formatted by krb_mk_safe.
+.PP
+If the
+.B \-clear
+option is specified, all of the data will be sent in cleartext (unencrypted).
+This switch is useful when first setting up the Kerberos environment.
+.PP
+If the
+.B \-realm
+option is specified, its argument is used as the current realm name rather
+than the default specified in
+.B krb.conf(5)
+file.
+.PP
+If the
+.B \-force
+option is specified,
+.B kprop
+is forced to propagate the Kerberos database to the slaves, even if there are
+no recent changes to the database.  Without the force flag, the Kerberos
+database is not propagated if the database file has not changed since the last
+successful transfer.
+.SH BUGS
+This utility does not support the transfer of encrypted data.
+
+The
+.B -clear
+and
+.B -safe
+options are not implemented.
+
+.SH "SEE ALSO"
+kerberos(1), kpropd(8)
+.br
+``A Subsystem Utilities Package for UNIX'' by Ken Raeburn