kpropd - Kerberos propagation daemon for slave KDCs
/usr/lib/krb5/kpropd [-d] [-f temp_dbfile] [-F dbfile] [-p kdb_util] [-P port_number] [-r realm] [-s srv_tabfile] [-S] [-a acl_file]
The kpropd command runs on the slave KDC server. It listens for update requests made by kprop(1M) from the master KDC and periodically requests incremental updates from the master KDC.
When the slave receives a kprop request from the master, kpropd copies principal data to a temporary text file. Next, kpropd invokes kdb5_util(1M) (unless a different database utility is selected) to load the text file in database format.
When the slave periodically requests incremental updates, kpropd updates its principal.ulog file with any updates from the master. kproplog(1M) can be used to view a summary of the update entry log on the slave KDC.
kpropd is not configured for incremental database propagation by default. These settings can be changed in the kdc.conf(4) file:
sunw_dbprop_enable = [true | false]
sunw_dbprop_slave_poll = N[s, m, h]
The kiprop/<hostname>@<REALM> principal must exist in the slave's keytab file to enable the master to authenticate incremental propagation requests from the slave. In this syntax, <hostname> is the slave KDC's host name and <REALM> is the realm in which the slave KDC resides.
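An offline check of the prerequisites described above, as an added example that is not part of the man page: it reads the two kdc.conf settings from the realm's stanza and looks for kiprop/<hostname>@<REALM> in a saved keytab listing. The host, realm, sample files and function names are constructed for illustration; placing the settings inside the realm stanza and requiring a unit letter on the poll interval are assumptions.

```shell
#!/bin/sh
# Added example (not from the man page): offline audit of a slave KDC's
# incremental-propagation prerequisites. All sample data below is constructed.

# Print the value of KEY inside REALM's "{ ... }" stanza of a kdc.conf file.
dbprop_value() {  # usage: dbprop_value CONF REALM KEY
    sed -e 's/#.*//' -e 's/=/ = /g' "$1" | awk -v realm="$2" -v key="$3" '
        $1 == realm && $2 == "=" && $3 == "{" { inside = 1; next }
        inside && $1 == "}" { inside = 0 }
        inside && $1 == key && $2 == "=" { print $3; exit }'
}

# Return 0 only if the slave is set up for incremental propagation.
audit_slave() {  # usage: audit_slave CONF KEYTAB_LISTING HOSTNAME REALM
    rc=0
    enable=$(dbprop_value "$1" "$4" sunw_dbprop_enable)
    poll=$(dbprop_value "$1" "$4" sunw_dbprop_slave_poll)
    princ="kiprop/$3@$4"
    if [ "$enable" != "true" ]; then
        echo "FAIL: sunw_dbprop_enable is '${enable:-unset}', not true"; rc=1
    fi
    # Assumption: the page's N[s, m, h] means digits plus one unit letter.
    if [ -n "$poll" ] && ! printf '%s\n' "$poll" | grep -Eq '^[0-9]+[smh]$'; then
        echo "FAIL: sunw_dbprop_slave_poll '$poll' is not N[s, m, h]"; rc=1
    fi
    # The keytab listing is text such as `klist -k` prints: "KVNO Principal".
    if ! awk -v p="$princ" '$2 == p { found = 1 } END { exit !found }' "$2"; then
        echo "FAIL: $princ not found in keytab listing"; rc=1
    fi
    return $rc
}

# Constructed sample inputs (not real hosts or keys).
tmp=$(mktemp -d)
cat > "$tmp/kdc.conf" <<'EOF'
[realms]
    EXAMPLE.COM = {
        sunw_dbprop_enable = true
        sunw_dbprop_slave_poll = 2m
    }
EOF
cat > "$tmp/keytab.txt" <<'EOF'
KVNO Principal
---- ---------------------------------------
   3 kiprop/kdc2.example.com@EXAMPLE.COM
EOF
audit_slave "$tmp/kdc.conf" "$tmp/keytab.txt" kdc2.example.com EXAMPLE.COM && echo "OK"
```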
The following options are supported:
-d
-f temp_dbfile
-F dbfile
-p kdb_util
-P port_number
-r realm
-s srv_tabfile
-S
-a acl_file
/var/krb5/principal
/var/krb5/principal.ulog
/etc/krb5/kdc.conf
/etc/krb5/kpropd.acl
/var/krb5/from_master
See attributes(5) for descriptions of the following attributes:
kdb5_util(1M), kprop(1M), kproplog(1M), kdc.conf(4), krb5.conf(4), attributes(5), kerberos(5)
The kprop service is managed by the service management facility, smf(5), under the service identifier:
svc:/network/security/krb5_prop:default
Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). Responsibility for initiating and restarting this service is delegated to inetd(1M). Use inetadm(1M) to make configuration changes and to view configuration information for this service. The service's status can be queried using the svcs(1) command.