Provided by: krb5-kdc_1.4.3-5_i386 bug


       kpropd - Kerberos V5 slave KDC update server


       kpropd  [  -r realm ] [ -f slave_dumpfile ] [ -F principal_database ] [
       -p kdb5_util_prog ] [ -d ] [ -S ] [ -P port ]


       kpropd is the  server  which  accepts  connections  from  the  kprop(8)
       program.   kpropd  accepts  the  dumped KDC database and places it in a
       file, and then runs kdb5_util(8) to load the dumped database  into  the
       active database which is used by krb5kdc(8).  Thus, the master Kerberos
       server can use kprop(8) to propagate its database to the slave slavers.
       Upon a successful download of the KDC database file, the slave Kerberos
       server will have an up-to-date KDC database.

       Normally, kpropd is invoked out of inetd(8).  This is done by adding  a
       line to the inetd.conf file which looks like this:

       krb5_prop stream    tcp  nowait    root /usr/sbin/kpropd    kpropd

       However,  kpropd  can also run as a standalone deamon, if the -S option
       is turned on.  This is done for debugging  purposes,  or  if  for  some
       reason  the  system  administrator  just  doesn’t want to run it out of


       -r realm
              specifies the realm of the master server; by default  the  realm
              returned by krb5_default_local_realm(3) is used.

       -f file
              specifies  the filename where the dumped principal database file
              is to  be  stored;  by  default  the  dumped  database  file  is
              KPROPD_DEFAULT_FILE (normally /var/lib/krb5kdc/from_master).

       -p     allows  the  user  to  specify  the pathname to the kdb5_util(8)
              program;     by     default     the     pathname     used     is
              KPROPD_DEFAULT_KDB5_UTIL (normally /usr/sbin/kdb5_util).

       -S     turn  on  standalone  mode.   Normally, kpropd is invoked out of
              inetd(8) so it expects a network connection to be passed  to  it
              from  inetd (8).  If the -S option is specified, kpropd will put
              itself into the background, and  wait  for  connections  to  the
              KPROP_SERVICE port (normally krb5_prop).

       -d     turn on debug mode.  In this mode, if the -S option is selected,
              kpropd will not detach itself from the current job  and  run  in
              the  background.   Instead,  it  will  run in the foreground and
              print out debugging messages during the database propagation.

       -P     allow for an alternate port number for kpropd to listen on. This
              is only useful if the program is run in standalone mode.


       kpropd.acl  Access  file  for  kpropd.  Each entry is a line containing
                   the principal of a host from which the local  machine  will
                   allow Kerberos database propagation via kprop.


       kprop(8), kdb5_util(8), krb5kdc(8), inetd(8)