1.\" $Id: hprop.8,v 1.8 2001/01/30 04:18:41 assar Exp $ 2.\" 3.Dd June 19, 2000 4.Dt HPROP 8 5.Os HEIMDAL 6.Sh NAME 7.Nm hprop
| 1.\" $Id: hprop.8,v 1.8 2001/01/30 04:18:41 assar Exp $ 2.\" 3.Dd June 19, 2000 4.Dt HPROP 8 5.Os HEIMDAL 6.Sh NAME 7.Nm hprop
|
8.Nd 9propagate the KDC database
| 8.Nd propagate the KDC database
|
10.Sh SYNOPSIS 11.Nm 12.Oo Fl m Ar file \*(Ba Xo 13.Fl -master-key= Ns Pa file Oc 14.Xc 15.Oo Fl d Ar file \*(Ba Xo 16.Fl -database= Ns Pa file Oc 17.Xc 18.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump 19.Op Fl 4 | Fl -v4-db 20.Op Fl K | Fl -ka-db 21.Oo Fl c Ar cell \*(Ba Xo 22.Fl -cell= Ns Ar cell Oc 23.Xc 24.Op Fl S | Fl -kaspecials 25.Oo Fl r Ar string \*(Ba Xo 26.Fl -v4-realm= Ns Ar string Oc 27.Xc 28.Oo Fl k Ar keytab \*(Ba Xo 29.Fl -keytab= Ns Ar keytab Oc 30.Xc 31.Oo Fl R Ar string \*(Ba Xo 32.Fl -v5-realm= Ns Ar string Oc 33.Xc 34.Op Fl D | Fl -decrypt 35.Op Fl E | Fl -encrypt 36.Op Fl n | Fl -stdout 37.Op Fl v | Fl -verbose 38.Op Fl -version 39.Op Fl h | Fl -help
| 9.Sh SYNOPSIS 10.Nm 11.Oo Fl m Ar file \*(Ba Xo 12.Fl -master-key= Ns Pa file Oc 13.Xc 14.Oo Fl d Ar file \*(Ba Xo 15.Fl -database= Ns Pa file Oc 16.Xc 17.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump 18.Op Fl 4 | Fl -v4-db 19.Op Fl K | Fl -ka-db 20.Oo Fl c Ar cell \*(Ba Xo 21.Fl -cell= Ns Ar cell Oc 22.Xc 23.Op Fl S | Fl -kaspecials 24.Oo Fl r Ar string \*(Ba Xo 25.Fl -v4-realm= Ns Ar string Oc 26.Xc 27.Oo Fl k Ar keytab \*(Ba Xo 28.Fl -keytab= Ns Ar keytab Oc 29.Xc 30.Oo Fl R Ar string \*(Ba Xo 31.Fl -v5-realm= Ns Ar string Oc 32.Xc 33.Op Fl D | Fl -decrypt 34.Op Fl E | Fl -encrypt 35.Op Fl n | Fl -stdout 36.Op Fl v | Fl -verbose 37.Op Fl -version 38.Op Fl h | Fl -help
|
40.Ar host Ns Op :port 41...
| 39.Ar host Ns Op : Ns Ar port 40.Ar ...
|
42.Sh DESCRIPTION 43.Nm 44takes a principal database in a specified format and converts it into 45a stream of Heimdal database records. This stream can either be 46written to standard out, or (more commonly) be propagated to a 47.Xr hpropd 8 48server running on a different machine. 49.Pp 50If propagating, it connects to all 51.Ar hosts 52specified on the command by opening a TCP connection to port 754 53(service hprop) and sends the database in encrypted form. 54.Pp 55Supported options: 56.Bl -tag -width Ds 57.It Xo 58.Fl m Ar file Ns , 59.Fl -master-key= Ns Pa file 60.Xc 61Where to find the master key to encrypt or decrypt keys with. 62.It Xo 63.Fl d Ar file Ns , 64.Fl -database= Ns Pa file 65.Xc 66The database to be propagated. 67.It Xo 68.Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump 69.Xc 70Specifies the type of the source database. Alternatives include: 71.Bl -tag -width krb4-dump 72.It heimdal 73a Heimdal database 74.It mit-dump 75a MIT Kerberos 5 dump file 76.It krb4-db 77a Kerberos 4 database 78.It krb4-dump 79a Kerberos 4 dump file 80.It kaserver 81a Transarc kaserver database 82.El 83.It Xo 84.Fl k Ar keytab Ns , 85.Fl -keytab= Ns Ar keytab 86.Xc 87The keytab to use for fetching the key to be used for authenticating 88to the propagation daemon(s). The key 89.Pa kadmin/hprop 90is used from this keytab. The default is to fetch the key from the 91KDC database. 92.It Xo 93.Fl R Ar string Ns , 94.Fl -v5-realm= Ns Ar string 95.Xc 96Local realm override. 97.It Xo 98.Fl D Ns , 99.Fl -decrypt 100.Xc 101The encryption keys in the database can either be in clear, or 102encrypted with a master key. This option thansmits the database with 103unencrypted keys. 104.It Xo 105.Fl E Ns , 106.Fl -encrypt 107.Xc 108This option thansmits the database with encrypted keys. 109.It Xo 110.Fl n Ns , 111.Fl -stdout 112.Xc 113Dump the database on stdout, in a format that can be fed to hpropd. 114.El
| 41.Sh DESCRIPTION 42.Nm 43takes a principal database in a specified format and converts it into 44a stream of Heimdal database records. This stream can either be 45written to standard out, or (more commonly) be propagated to a 46.Xr hpropd 8 47server running on a different machine. 48.Pp 49If propagating, it connects to all 50.Ar hosts 51specified on the command by opening a TCP connection to port 754 52(service hprop) and sends the database in encrypted form. 53.Pp 54Supported options: 55.Bl -tag -width Ds 56.It Xo 57.Fl m Ar file Ns , 58.Fl -master-key= Ns Pa file 59.Xc 60Where to find the master key to encrypt or decrypt keys with. 61.It Xo 62.Fl d Ar file Ns , 63.Fl -database= Ns Pa file 64.Xc 65The database to be propagated. 66.It Xo 67.Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump 68.Xc 69Specifies the type of the source database. Alternatives include: 70.Bl -tag -width krb4-dump 71.It heimdal 72a Heimdal database 73.It mit-dump 74a MIT Kerberos 5 dump file 75.It krb4-db 76a Kerberos 4 database 77.It krb4-dump 78a Kerberos 4 dump file 79.It kaserver 80a Transarc kaserver database 81.El 82.It Xo 83.Fl k Ar keytab Ns , 84.Fl -keytab= Ns Ar keytab 85.Xc 86The keytab to use for fetching the key to be used for authenticating 87to the propagation daemon(s). The key 88.Pa kadmin/hprop 89is used from this keytab. The default is to fetch the key from the 90KDC database. 91.It Xo 92.Fl R Ar string Ns , 93.Fl -v5-realm= Ns Ar string 94.Xc 95Local realm override. 96.It Xo 97.Fl D Ns , 98.Fl -decrypt 99.Xc 100The encryption keys in the database can either be in clear, or 101encrypted with a master key. This option thansmits the database with 102unencrypted keys. 103.It Xo 104.Fl E Ns , 105.Fl -encrypt 106.Xc 107This option thansmits the database with encrypted keys. 108.It Xo 109.Fl n Ns , 110.Fl -stdout 111.Xc 112Dump the database on stdout, in a format that can be fed to hpropd. 113.El
|
115
| 114.Pp
|
116The following options are only valid if 117.Nm hprop 118is compiled with support for Kerberos 4 (kaserver). 119.Bl -tag -width Ds 120.It Xo 121.Fl r Ar string Ns , 122.Fl -v4-realm= Ns Ar string 123.Xc 124v4 realm to use 125.It Xo 126.Fl c Ar cell Ns , 127.Fl -cell= Ns Ar cell 128.Xc 129The AFS cell name, used if reading a kaserver database. 130.It Xo 131.Fl S Ns , 132.Fl -kaspecials 133.Xc 134Also dump the principals marked as special in the kaserver database. 135.It Xo 136.Fl 4 Ns , 137.Fl -v4-db 138.Xc 139Deprecated, identical to 140.Sq --source=krb4-db . 141.It Xo 142.Fl K Ns , 143.Fl -ka-db 144.Xc 145Deprecated, identical to 146.Sq --source=kaserver . 147.El
| 115The following options are only valid if 116.Nm hprop 117is compiled with support for Kerberos 4 (kaserver). 118.Bl -tag -width Ds 119.It Xo 120.Fl r Ar string Ns , 121.Fl -v4-realm= Ns Ar string 122.Xc 123v4 realm to use 124.It Xo 125.Fl c Ar cell Ns , 126.Fl -cell= Ns Ar cell 127.Xc 128The AFS cell name, used if reading a kaserver database. 129.It Xo 130.Fl S Ns , 131.Fl -kaspecials 132.Xc 133Also dump the principals marked as special in the kaserver database. 134.It Xo 135.Fl 4 Ns , 136.Fl -v4-db 137.Xc 138Deprecated, identical to 139.Sq --source=krb4-db . 140.It Xo 141.Fl K Ns , 142.Fl -ka-db 143.Xc 144Deprecated, identical to 145.Sq --source=kaserver . 146.El
|
148
| |
149.Sh EXAMPLES 150The following will propagate a database to another machine (which 151should run 152.Xr hpropd 8): 153.Bd -literal -offset indent 154$ hprop slave-1 slave-2 155.Ed
| 147.Sh EXAMPLES 148The following will propagate a database to another machine (which 149should run 150.Xr hpropd 8): 151.Bd -literal -offset indent 152$ hprop slave-1 slave-2 153.Ed
|
156
| 154.Pp
|
157Copy a Kerberos 4 database to a Kerberos 5 slave: 158.Bd -literal -offset indent 159$ hprop --source=krb4-db -E krb5-slave 160.Ed
| 155Copy a Kerberos 4 database to a Kerberos 5 slave: 156.Bd -literal -offset indent 157$ hprop --source=krb4-db -E krb5-slave 158.Ed
|
161
| 159.Pp
|
162Convert a Kerberos 4 dump-file for use with a Heimdal KDC: 163.Bd -literal -offset indent 164$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump -E | hpropd -n 165.Ed 166.Sh SEE ALSO 167.Xr hpropd 8
| 160Convert a Kerberos 4 dump-file for use with a Heimdal KDC: 161.Bd -literal -offset indent 162$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump -E | hpropd -n 163.Ed 164.Sh SEE ALSO 165.Xr hpropd 8
|
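Review bot: The typo "thansmits" is carried over unchanged in the new revision, in both the -D/--decrypt text (new line 101) and the -E/--encrypt text (new line 107), and should read "transmits". While touching these two entries, it would help to reconcile them with the earlier sentence that hprop "sends the database in encrypted form" (new line 52). As written, a reader cannot tell that -D and -E concern whether the keys inside the records are encrypted with the master key, which is a separate matter from protection of the TCP stream. The -n/--stdout entry should also say what -D implies for a dump written to stdout.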
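Review bot: The --source value list in the SYNOPSIS (new line 17) and in the option tag (new line 67) still reads heimdal|mit-dump|krb4-db|krb4-dump, yet the list under it documents a fifth value, kaserver (new lines 79-80), and the -K entry says it is identical to --source=kaserver (new line 145). Suggest adding kaserver to both value lists so the synopsis matches the documented alternatives.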
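Review bot: The operand is now marked up as ".Ar host Ns Op : Ns Ar port" (new line 39), but DESCRIPTION still only says that hprop opens a TCP connection to port 754 (new lines 51-52) and never mentions the optional port. Suggest adding a sentence to DESCRIPTION saying that a ":port" suffix on a host overrides the default, so that the documented destination of the database stream matches the synopsis.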
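Review bot: In EXAMPLES, ".Xr hpropd 8):" (new line 150) has the closing punctuation fused to the section argument, and this change leaves it as it was. mdoc only treats punctuation as a delimiter when it is a separate word, so the line should be ".Xr hpropd 8 ) :". Since this revision is already cleaning up markup (.Nd on one line, .Pp in place of blank lines), this is a good place to fix it too.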