1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
.\"
.\" Copyright (c) 1997 Jason L. Wright. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by Jason L. Wright
.\" 4. The name of Jason L. Wright may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY Jason L. Wright ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL Jason L. Wright BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd July 2, 1997
.Dt KPROP 8
.Os
.Sh NAME
.Nm kprop
.Nd network utility for Kerberos database propagation
.Sh SYNOPSIS
.Nm kadmin database slaves_file [-force] [-safe | -clear] [-realm realm]
.Sh DESCRIPTION
The
.Nm kprop
daemon runs on a Kerberos master and propagates the Kerberos
database to the Kerberos slaves, where it is received by the waiting
.Xr kpropd 8
daemon.
.Pp
The first parameter,
.Nm database ,
is the name of the file out of which data is
extracted. This file is not the db-formatted Kerberos database,
.Pa /etc/kerberosIV/principal.db .
See the
.Nm db(3)
reference page for more
information. The database is a file created by the
.Nm kdb_util slave dump
command. It is an ASCII representation of the Kerberos database.
.Pp
The second parameter that must be supplied is
.Nm slaves_file ,
the name of the
file on the Kerberos master that lists the Kerberos slaves to which kprop
propagates the Kerberos master database. The slaves file contains one
line for each host running a secondary server consisting on just the hostname
of the machine.
.Pp
The Kerberos utility first determines whether the ASCII Kerberos database,
database, was correctly dumped by
.Nm kdb_util .
It accomplishes this by
determining if database is older than the
.Pa database.dump.ok
file created by
.Nm kdb_util
during the slave dump operation. If it is older, the dump did not
succeed or is not yet finished. If the dump did not complete successfully
or has not yet completed, the master database is not transferred to any
Kerberos slave. Otherwise,
.Nm kprop
determines, for each slave server listed
in the slaves file, whether or not the database has changed since the last
successful transfer to the slave. It determines this for slave server
.Nm cactus
by comparing the modification time of the
.Pa cactus-last-prop
file, which is stored in the same directory as the slaves file,
with the modification time of database. If the
.Pa /etc/kerberosIV/cactus-last-prop
file
is newer, then the database, need not be transferred to
.Nm cactus .
Finally,
.Nm kprop
propagates the database to those servers which need a new
copy of the database and updates the modification time of the
.Pa /etc/kerberosIV/server-last-prop
file for these slave servers.
.Ss Parameters
.Bl -tag -width Fl
.It Fl safe
Data sent over the network will be authenticated at the destination
and protected against modifications in transit. In other words,
.Nm kprop
and
.Nm kpropd
will become Kerberos authenticated to each other and send messages formatted
with
.Xr krb_mk_safe 3 .
.It Fl clear
Data will be sent in cleartext (not encrypted). This switch is useful when
first setting up the Kerberos environment.
.It Fl realm
Use the specified realm instead of the default from
.Xr krb.conf 5 .
.It Fl force
Force propagation to slaves even if there have been no recent changes to
the master database. Normally, propagation only takes place if the database
file has changed since the last transfer.
.Sh BUGS
This utility does not support the transfer of encrypted data.
.Pp
The
.Nm -clear
and
.Nm -safe
options are not implemented.
.Sh SEE ALSO
.Xr kerberos 1 ,
.Xr kdb_util 8 ,
.Xr kpropd 8
|