NAME
hprop - propagate the KDC database
SYNOPSIS
hprop [-m file | --master-key=file] [-d file | --database=file]
[--source=heimdal|mit-dump|krb4-dump|kaserver] [-r string |
--v4-realm=string] [-c cell | --cell=cell] [-S | --kaspecials] [-k
keytab | --keytab=keytab] [-R string | --v5-realm=string]
[-D | --decrypt] [-E | --encrypt] [-n | --stdout] [-v | --verbose]
[--version] [-h | --help] [host[:port]] ...
DESCRIPTION
hprop takes a principal database in a specified format and converts it
into a stream of Heimdal database records. This stream can either be
written to standard out, or (more commonly) be propagated to a hpropd(8)
server running on a different machine.
If propagating, it connects to all hosts specified on the command by
opening a TCP connection to port 754 (service hprop) and sends the
database in encrypted form.
Supported options:
-m file, --master-key=file
Where to find the master key to encrypt or decrypt keys with.
-d file, --database=file
The database to be propagated.
--source=heimdal|mit-dump|krb4-dump|kaserver
Specifies the type of the source database. Alternatives include:
heimdal a Heimdal database
mit-dump a MIT Kerberos 5 dump file
krb4-dump a Kerberos 4 dump file
kaserver an AFS kaserver database
-k keytab, --keytab=keytab
The keytab to use for fetching the key to be used for
authenticating to the propagation daemon(s). The key
hprop/hostname is used from this keytab. The default is to fetch
the key from the KDC database.
-R string, --v5-realm=string
Local realm override.
-D, --decrypt
The encryption keys in the database can either be in clear, or
encrypted with a master key. This option transmits the database
with unencrypted keys.
-E, --encrypt
This option transmits the database with encrypted keys.
-n, --stdout
Dump the database on stdout, in a format that can be fed to
hpropd.
The following options are only valid if hprop is compiled with support
for Kerberos 4 (kaserver).
-r string, --v4-realm=string
v4 realm to use.
-c cell, --cell=cell
The AFS cell name, used if reading a kaserver database.
-S, --kaspecials
Also dump the principals marked as special in the kaserver
database.
-K, --ka-db
Deprecated, identical to ‘--source=kaserver’.
EXAMPLES
The following will propagate a database to another machine (which should
run hpropd(8) ):
$ hprop slave-1 slave-2
Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump \
--master-key=/.k | hpropd -n
SEE ALSO
hpropd(8)