The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

kpropd (1)
  • >> kpropd (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  •  

    NAME

    kpropd - Kerberos propagation daemon for slave KDCs
     
    

    SYNOPSIS

    /usr/lib/krb5/kpropd [-d] [-f temp_dbfile] [-F dbfile] 
        [-p kdb_util] [-P port_number] [-r realm] 
        [-s srv_tabfile] [-S] [-a acl_file]
    

     

    DESCRIPTION

    The kpropd command runs on the slave KDC server. It listens for update requests made by kprop(1M) from the master KDC and periodically requests incremental updates from the master KDC.

    When the slave receives a kprop request from the master, kpropd copies principal data to a temporary text file. Next, kpropd invokes kdb5_util(1M) (unless a different database utility is selected) to load the text file in database format.

    When the slave periodically requests incremental updates, kpropd update its principal.ulog file with any updates from the master. kproplog(1M) can be used to view a summary of the update entry log on the slave KDC.

    kpropd is not configured for incremental database propagation by default. These settings can be changed in the kdc.conf(4) file:

    sunw_dbprop_enable = [true | false]

    Enables or disables incremental database propagation. Default is false.

    sunw_dbprop_slave_poll = N[s, m, h]

    Specifies how often the slave KDC polls for any updates that the master might have. Default is 2m (two minutes).

    The kiprop/<hostname>@<REALM> principal must exist in the slave's keytab file to enable the master to authenticate incremental propagation requests from the slave. In this syntax, <hostname> is the slave KDC's host name and <REALM> is the realm in which the slave KDC resides.  

    OPTIONS

    The following options are supported:

    -d

    Enable debug mode. Default is debug mode disabled.

    -f temp_dbfile

    The location of the slave's temporary principal database file. Default is /var/krb5/from_master.

    -F dbfile

    The location of the slave's principal database file. Default is /var/krb5/principal.

    -p kdb_util

    The location of the Kerberos database utility used for loading principal databases. Default is /usr/sbin/kdb5_util.

    -P port_number

    Specifies the port number on which kpropd will listen. Default is 754 (service name: krb5_prop).

    -r realm

    Specifies from which Kerberos realm kpropd will receive information. Default is specified in /etc/krb5/krb5.conf.

    -s srv_tabfile

    The location of the service table file used to authenticate the kpropd daemon.

    -S

    Run the daemon in standalone mode, instead of having inetd listen for requests. Default is non-standalone mode.

    -a acl_file

    The location of the kpropd's access control list to verify if this server can run the kpropd daemon. The file contains a list of principal name(s) that will be receiving updates. Default is /etc/krb5/kpropd.acl.

     

    FILES

    /var/krb5/principal

    Kerberos principal database.

    /var/krb5/principal.ulog

    The update log file.

    /etc/krb5/kdc.conf

    KDC configuration information.

    /etc/krb5/kpropd.acl

    List of principals of all the KDCs; resides on each slave KDC.

    /var/krb5/from_master

    Temporary file used by kpropd before loading this to the principal database.

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    AvailabilitySUNWkdcu

    Interface Stability

     

    SEE ALSO

    kdb5_util(1M), kprop(1M), kproplog(1M), kdc.conf(4), krb5.conf(4), attributes(5), kerberos(5)  

    NOTES

    The kprop service is managed by the service management facility, smf(5), under the service identifier:

    svc:/network/security/krb5_prop:default
    

    Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). Responsibility for initiating and restarting this service is delegated to inetd(1M). Use inetadm(1M) to make configuration changes and to view configuration information for this service. The service's status can be queried using the svcs(1) command.


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    OPTIONS
    FILES
    ATTRIBUTES
    SEE ALSO
    NOTES


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру