Provided by: heimdal-kdc_0.7.1-1ubuntu3_i386 bug

NAME

     hprop - propagate the KDC database

SYNOPSIS

     hprop [-m file | --master-key=file] [-d file | --database=file]
           [--source=heimdal|mit-dump|krb4-dump|krb4-db|kaserver] [-r string |
           --v4-realm=string] [-c cell | --cell=cell] [-S | --kaspecials] [-k
           keytab | --keytab=keytab] [-R string | --v5-realm=string]
           [-D | --decrypt] [-E | --encrypt] [-n | --stdout] [-v | --verbose]
           [--version] [-h | --help] [host[:port]] ...

DESCRIPTION

     hprop takes a principal database in a specified format and converts it
     into a stream of Heimdal database records. This stream can either be
     written to standard out, or (more commonly) be propagated to a hpropd(8)
     server running on a different machine.

     If propagating, it connects to all hosts specified on the command by
     opening a TCP connection to port 754 (service hprop) and sends the
     database in encrypted form.

     Supported options:

     -m file, --master-key=file
             Where to find the master key to encrypt or decrypt keys with.

     -d file, --database=file
             The database to be propagated.

     --source=heimdal|mit-dump|krb4-dump|krb4-db|kaserver
             Specifies the type of the source database. Alternatives include:

                   heimdal    a Heimdal database
                   mit-dump   a MIT Kerberos 5 dump file
                   krb4-db    a Kerberos 4 database
                   krb4-dump  a Kerberos 4 dump file
                   kaserver   an AFS kaserver database

     -k keytab, --keytab=keytab
             The keytab to use for fetching the key to be used for
             authenticating to the propagation daemon(s). The key kadmin/hprop
             is used from this keytab.  The default is to fetch the key from
             the KDC database.

     -R string, --v5-realm=string
             Local realm override.

     -D, --decrypt
             The encryption keys in the database can either be in clear, or
             encrypted with a master key. This option transmits the database
             with unencrypted keys.

     -E, --encrypt
             This option transmits the database with encrypted keys.

     -n, --stdout
             Dump the database on stdout, in a format that can be fed to
             hpropd.

     The following options are only valid if hprop is compiled with support
     for Kerberos 4 (kaserver).

     -r string, --v4-realm=string
             v4 realm to use.

     -c cell, --cell=cell
             The AFS cell name, used if reading a kaserver database.

     -S, --kaspecials
             Also dump the principals marked as special in the kaserver
             database.

     -4, --v4-db
             Deprecated, identical to ‘--source=krb4-db’.

     -K, --ka-db
             Deprecated, identical to ‘--source=kaserver’.

EXAMPLES

     The following will propagate a database to another machine (which should
     run hpropd(8) ):

           $ hprop slave-1 slave-2

     Copy a Kerberos 4 database to a Kerberos 5 slave:

           $ hprop --source=krb4-db -E krb5-slave

     Convert a Kerberos 4 dump-file for use with a Heimdal KDC:

           $ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n

SEE ALSO

     hpropd(8)