1 .\" $Id: hprop.8,v 1.16 2002/08/20 17:18:38 joda Exp $
8 .Nd propagate the KDC database
11 .Oo Fl m Ar file \*(Ba Xo
12 .Fl -master-key= Ns Pa file
15 .Oo Fl d Ar file \*(Ba Xo
16 .Fl -database= Ns Pa file
19 .Op Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|krb4-db|kaserver
20 .Oo Fl r Ar string \*(Ba Xo
21 .Fl -v4-realm= Ns Ar string
24 .Oo Fl c Ar cell \*(Ba Xo
28 .Op Fl S | Fl -kaspecials
29 .Oo Fl k Ar keytab \*(Ba Xo
30 .Fl -keytab= Ns Ar keytab
33 .Oo Fl R Ar string \*(Ba Xo
34 .Fl -v5-realm= Ns Ar string
37 .Op Fl D | Fl -decrypt
38 .Op Fl E | Fl -encrypt
40 .Op Fl v | Fl -verbose
43 .Op Ar host Ns Op : Ns Ar port
47 takes a principal database in a specified format and converts it into
48 a stream of Heimdal database records. This stream can either be
49 written to standard out, or (more commonly) be propagated to a
51 server running on a different machine.
53 If propagating, it connects to all
55 specified on the command by opening a TCP connection to port 754
56 (service hprop) and sends the database in encrypted form.
62 .Fl -master-key= Ns Pa file
64 Where to find the master key to encrypt or decrypt keys with.
67 .Fl -database= Ns Pa file
69 The database to be propagated.
71 .Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|krb4-db|kaserver
73 Specifies the type of the source database. Alternatives include:
75 .Bl -tag -width krb4-dump -compact -offset indent
79 a MIT Kerberos 5 dump file
83 a Kerberos 4 dump file
85 an AFS kaserver database
89 .Fl -keytab= Ns Ar keytab
91 The keytab to use for fetching the key to be used for authenticating
92 to the propagation daemon(s). The key
94 is used from this keytab. The default is to fetch the key from the
98 .Fl -v5-realm= Ns Ar string
100 Local realm override.
105 The encryption keys in the database can either be in clear, or
106 encrypted with a master key. This option transmits the database with
112 This option transmits the database with encrypted keys.
117 Dump the database on stdout, in a format that can be fed to hpropd.
120 The following options are only valid if
122 is compiled with support for Kerberos 4 (kaserver).
126 .Fl -v4-realm= Ns Ar string
131 .Fl -cell= Ns Ar cell
133 The AFS cell name, used if reading a kaserver database.
138 Also dump the principals marked as special in the kaserver database.
143 Deprecated, identical to
144 .Sq --source=krb4-db .
149 Deprecated, identical to
150 .Sq --source=kaserver .
153 The following will propagate a database to another machine (which
156 .Bd -literal -offset indent
157 $ hprop slave-1 slave-2
160 Copy a Kerberos 4 database to a Kerberos 5 slave:
161 .Bd -literal -offset indent
162 $ hprop --source=krb4-db -E krb5-slave
165 Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
166 .Bd -literal -offset indent
167 $ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n