Provided by: krb5-kdc_1.20-1_amd64 bug


       kproplog - display the contents of the Kerberos principal update log


       kproplog [-h] [-e num] [-v] kproplog [-R]


       The  kproplog  command  displays  the  contents of the KDC database update log to standard
       output.  It can be used to keep track of incremental updates to  the  principal  database.
       The  update  log  file contains the update log maintained by the kadmind(8) process on the
       primary KDC server and the kpropd(8) process on the replica  KDC  servers.   When  updates
       occur,  they  are  logged  to  this  file.   Subsequently  any  KDC replica configured for
       incremental updates will request the current data from the primary KDC  and  update  their
       log file with any updates returned.

       The  kproplog command requires read access to the update log file.  It will display update
       entries only for the KDC it runs on.

       If no options are specified, kproplog displays a summary of the update log.  If invoked on
       the  primary,  kproplog  also displays all of the update entries.  If invoked on a replica
       KDC server, kproplog displays only a summary of the updates,  which  includes  the  serial
       number of the last update received and the associated time stamp of the last update.


       -R     Reset  the  update  log.  This forces full resynchronization.  If used on a replica
              then that replica will request a full resync.  If used  on  the  primary  then  all
              replicas will request full resyncs.

       -h     Display  a  summary  of  the  update  log.   This information includes the database
              version number, state of the database, the number of updates in the log,  the  time
              stamp  of  the  first and last update, and the version number of the first and last
              update entry.

       -e num Display the last num update entries in the log.   This  is  useful  when  debugging
              synchronization between KDC servers.

       -v     Display  individual  attributes per update.  An example of the output generated for
              one entry:

                 Update Entry
                    Update serial # : 4
                    Update operation : Add
                    Update principal : test@EXAMPLE.COM
                    Update size : 424
                    Update committed : True
                    Update time stamp : Fri Feb 20 23:37:42 2004
                    Attributes changed : 6
                          Key data
                          Password last changed
                          Modifying principal
                          Modification time
                          TL data


       See kerberos(7) for a description of Kerberos environment variables.


       kpropd(8), kerberos(7)




       1985-2022, MIT