1.\" $Id: hprop.8,v 1.8 2001/01/30 04:18:41 assar Exp $
2.\"
3.Dd June 19, 2000
4.Dt HPROP 8
5.Os HEIMDAL
6.Sh NAME
7.Nm hprop
| 1.\" $Id: hprop.8,v 1.8 2001/01/30 04:18:41 assar Exp $
2.\"
3.Dd June 19, 2000
4.Dt HPROP 8
5.Os HEIMDAL
6.Sh NAME
7.Nm hprop
|
8.Nd
9propagate the KDC database
| 8.Nd propagate the KDC database
|
10.Sh SYNOPSIS
11.Nm
12.Oo Fl m Ar file \*(Ba Xo
13.Fl -master-key= Ns Pa file Oc
14.Xc
15.Oo Fl d Ar file \*(Ba Xo
16.Fl -database= Ns Pa file Oc
17.Xc
18.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump
19.Op Fl 4 | Fl -v4-db
20.Op Fl K | Fl -ka-db
21.Oo Fl c Ar cell \*(Ba Xo
22.Fl -cell= Ns Ar cell Oc
23.Xc
24.Op Fl S | Fl -kaspecials
25.Oo Fl r Ar string \*(Ba Xo
26.Fl -v4-realm= Ns Ar string Oc
27.Xc
28.Oo Fl k Ar keytab \*(Ba Xo
29.Fl -keytab= Ns Ar keytab Oc
30.Xc
31.Oo Fl R Ar string \*(Ba Xo
32.Fl -v5-realm= Ns Ar string Oc
33.Xc
34.Op Fl D | Fl -decrypt
35.Op Fl E | Fl -encrypt
36.Op Fl n | Fl -stdout
37.Op Fl v | Fl -verbose
38.Op Fl -version
39.Op Fl h | Fl -help
| 9.Sh SYNOPSIS
10.Nm
11.Oo Fl m Ar file \*(Ba Xo
12.Fl -master-key= Ns Pa file Oc
13.Xc
14.Oo Fl d Ar file \*(Ba Xo
15.Fl -database= Ns Pa file Oc
16.Xc
17.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump
18.Op Fl 4 | Fl -v4-db
19.Op Fl K | Fl -ka-db
20.Oo Fl c Ar cell \*(Ba Xo
21.Fl -cell= Ns Ar cell Oc
22.Xc
23.Op Fl S | Fl -kaspecials
24.Oo Fl r Ar string \*(Ba Xo
25.Fl -v4-realm= Ns Ar string Oc
26.Xc
27.Oo Fl k Ar keytab \*(Ba Xo
28.Fl -keytab= Ns Ar keytab Oc
29.Xc
30.Oo Fl R Ar string \*(Ba Xo
31.Fl -v5-realm= Ns Ar string Oc
32.Xc
33.Op Fl D | Fl -decrypt
34.Op Fl E | Fl -encrypt
35.Op Fl n | Fl -stdout
36.Op Fl v | Fl -verbose
37.Op Fl -version
38.Op Fl h | Fl -help
|
40.Ar host Ns Op :port
41...
| 39.Ar host Ns Op : Ns Ar port
40.Ar ...
|
42.Sh DESCRIPTION
43.Nm
44takes a principal database in a specified format and converts it into
45a stream of Heimdal database records. This stream can either be
46written to standard out, or (more commonly) be propagated to a
47.Xr hpropd 8
48server running on a different machine.
49.Pp
50If propagating, it connects to all
51.Ar hosts
52specified on the command by opening a TCP connection to port 754
53(service hprop) and sends the database in encrypted form.
54.Pp
55Supported options:
56.Bl -tag -width Ds
57.It Xo
58.Fl m Ar file Ns ,
59.Fl -master-key= Ns Pa file
60.Xc
61Where to find the master key to encrypt or decrypt keys with.
62.It Xo
63.Fl d Ar file Ns ,
64.Fl -database= Ns Pa file
65.Xc
66The database to be propagated.
67.It Xo
68.Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump
69.Xc
70Specifies the type of the source database. Alternatives include:
71.Bl -tag -width krb4-dump
72.It heimdal
73a Heimdal database
74.It mit-dump
75a MIT Kerberos 5 dump file
76.It krb4-db
77a Kerberos 4 database
78.It krb4-dump
79a Kerberos 4 dump file
80.It kaserver
81a Transarc kaserver database
82.El
83.It Xo
84.Fl k Ar keytab Ns ,
85.Fl -keytab= Ns Ar keytab
86.Xc
87The keytab to use for fetching the key to be used for authenticating
88to the propagation daemon(s). The key
89.Pa kadmin/hprop
90is used from this keytab. The default is to fetch the key from the
91KDC database.
92.It Xo
93.Fl R Ar string Ns ,
94.Fl -v5-realm= Ns Ar string
95.Xc
96Local realm override.
97.It Xo
98.Fl D Ns ,
99.Fl -decrypt
100.Xc
101The encryption keys in the database can either be in clear, or
102encrypted with a master key. This option thansmits the database with
103unencrypted keys.
104.It Xo
105.Fl E Ns ,
106.Fl -encrypt
107.Xc
108This option thansmits the database with encrypted keys.
109.It Xo
110.Fl n Ns ,
111.Fl -stdout
112.Xc
113Dump the database on stdout, in a format that can be fed to hpropd.
114.El
| 41.Sh DESCRIPTION
42.Nm
43takes a principal database in a specified format and converts it into
44a stream of Heimdal database records. This stream can either be
45written to standard out, or (more commonly) be propagated to a
46.Xr hpropd 8
47server running on a different machine.
48.Pp
49If propagating, it connects to all
50.Ar hosts
51specified on the command by opening a TCP connection to port 754
52(service hprop) and sends the database in encrypted form.
53.Pp
54Supported options:
55.Bl -tag -width Ds
56.It Xo
57.Fl m Ar file Ns ,
58.Fl -master-key= Ns Pa file
59.Xc
60Where to find the master key to encrypt or decrypt keys with.
61.It Xo
62.Fl d Ar file Ns ,
63.Fl -database= Ns Pa file
64.Xc
65The database to be propagated.
66.It Xo
67.Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump
68.Xc
69Specifies the type of the source database. Alternatives include:
70.Bl -tag -width krb4-dump
71.It heimdal
72a Heimdal database
73.It mit-dump
74a MIT Kerberos 5 dump file
75.It krb4-db
76a Kerberos 4 database
77.It krb4-dump
78a Kerberos 4 dump file
79.It kaserver
80a Transarc kaserver database
81.El
82.It Xo
83.Fl k Ar keytab Ns ,
84.Fl -keytab= Ns Ar keytab
85.Xc
86The keytab to use for fetching the key to be used for authenticating
87to the propagation daemon(s). The key
88.Pa kadmin/hprop
89is used from this keytab. The default is to fetch the key from the
90KDC database.
91.It Xo
92.Fl R Ar string Ns ,
93.Fl -v5-realm= Ns Ar string
94.Xc
95Local realm override.
96.It Xo
97.Fl D Ns ,
98.Fl -decrypt
99.Xc
100The encryption keys in the database can either be in clear, or
101encrypted with a master key. This option thansmits the database with
102unencrypted keys.
103.It Xo
104.Fl E Ns ,
105.Fl -encrypt
106.Xc
107This option thansmits the database with encrypted keys.
108.It Xo
109.Fl n Ns ,
110.Fl -stdout
111.Xc
112Dump the database on stdout, in a format that can be fed to hpropd.
113.El
|
115
| 114.Pp
|
116The following options are only valid if
117.Nm hprop
118is compiled with support for Kerberos 4 (kaserver).
119.Bl -tag -width Ds
120.It Xo
121.Fl r Ar string Ns ,
122.Fl -v4-realm= Ns Ar string
123.Xc
124v4 realm to use
125.It Xo
126.Fl c Ar cell Ns ,
127.Fl -cell= Ns Ar cell
128.Xc
129The AFS cell name, used if reading a kaserver database.
130.It Xo
131.Fl S Ns ,
132.Fl -kaspecials
133.Xc
134Also dump the principals marked as special in the kaserver database.
135.It Xo
136.Fl 4 Ns ,
137.Fl -v4-db
138.Xc
139Deprecated, identical to
140.Sq --source=krb4-db .
141.It Xo
142.Fl K Ns ,
143.Fl -ka-db
144.Xc
145Deprecated, identical to
146.Sq --source=kaserver .
147.El
| 115The following options are only valid if
116.Nm hprop
117is compiled with support for Kerberos 4 (kaserver).
118.Bl -tag -width Ds
119.It Xo
120.Fl r Ar string Ns ,
121.Fl -v4-realm= Ns Ar string
122.Xc
123v4 realm to use
124.It Xo
125.Fl c Ar cell Ns ,
126.Fl -cell= Ns Ar cell
127.Xc
128The AFS cell name, used if reading a kaserver database.
129.It Xo
130.Fl S Ns ,
131.Fl -kaspecials
132.Xc
133Also dump the principals marked as special in the kaserver database.
134.It Xo
135.Fl 4 Ns ,
136.Fl -v4-db
137.Xc
138Deprecated, identical to
139.Sq --source=krb4-db .
140.It Xo
141.Fl K Ns ,
142.Fl -ka-db
143.Xc
144Deprecated, identical to
145.Sq --source=kaserver .
146.El
|
148
| |
149.Sh EXAMPLES
150The following will propagate a database to another machine (which
151should run
152.Xr hpropd 8):
153.Bd -literal -offset indent
154$ hprop slave-1 slave-2
155.Ed
| 147.Sh EXAMPLES
148The following will propagate a database to another machine (which
149should run
150.Xr hpropd 8):
151.Bd -literal -offset indent
152$ hprop slave-1 slave-2
153.Ed
|
156
| 154.Pp
|
157Copy a Kerberos 4 database to a Kerberos 5 slave:
158.Bd -literal -offset indent
159$ hprop --source=krb4-db -E krb5-slave
160.Ed
| 155Copy a Kerberos 4 database to a Kerberos 5 slave:
156.Bd -literal -offset indent
157$ hprop --source=krb4-db -E krb5-slave
158.Ed
|
161
| 159.Pp
|
162Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
163.Bd -literal -offset indent
164$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump -E | hpropd -n
165.Ed
166.Sh SEE ALSO
167.Xr hpropd 8
| 160Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
161.Bd -literal -offset indent
162$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump -E | hpropd -n
163.Ed
164.Sh SEE ALSO
165.Xr hpropd 8
|