-rw-r--r-- | kerberosIV/kprop/Makefile | 4 |
-rw-r--r-- | kerberosIV/kprop/kprop.8 | 108 |
-rw-r--r-- | kerberosIV/kpropd/Makefile | 4 |
-rw-r--r-- | kerberosIV/kpropd/kpropd.8 | 79 |
4 files changed, 191 insertions, 4 deletions
diff --git a/kerberosIV/kprop/Makefile b/kerberosIV/kprop/Makefile index 09c90350fa4..338a633b7cf 100644 --- a/kerberosIV/kprop/Makefile +++ b/kerberosIV/kprop/Makefile @@ -1,8 +1,8 @@ -# $Id: Makefile,v 1.1.1.1 1995/12/14 06:52:49 tholo Exp $ +# $Id: Makefile,v 1.2 1997/06/29 07:21:16 deraadt Exp $ PROG= kprop LDADD+= -lkrb -ldes DPADD+= ${LIBKRB} ${LIBDES} -NOMAN= noman +MAN= kprop.8 .include <bsd.prog.mk> diff --git a/kerberosIV/kprop/kprop.8 b/kerberosIV/kprop/kprop.8 new file mode 100644 index 00000000000..4e00ddf4373 --- /dev/null +++ b/kerberosIV/kprop/kprop.8 
@@ -0,0 +1,108 @@ +.\" +.\" +.\" +.TH KPROP 8 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +kprop \- network utility for Kerberos database propagation +.SH SYNOPSIS +.B kadmin database slaves_file [-force] [-safe | -clear] [-realm realm] +.SH DESCRIPTION +The +.I kprop +daemon runs on a Kerberos master and propagates the Kerberos +database to the Kerberos slaves, where it is received by the waiting kpropd +daemon. + +The first parameter, +.IR database , +is the name of the file out of which data is +extracted. This file is not the db-formatted Kerberos database, +.IR /etc/kerberosIV/principal.db . +See the +.I db(3) +reference page for more +information. The database is a file created by the +.B kdb_util slave dump +command. It is an ASCII representation of the Kerberos database. + +The second parameter that must be supplied is +.IR slaves_file , +the name of the +file on the Kerberos master that lists the Kerberos slaves to which kprop +propagates the Kerberos master database. The slaves file contains one +line for each host running a secondary server consisting on just the hostname +of the machine. + +The Kerberos utility first determines whether the ASCII Kerberos database, +database, was correctly dumped by +.BR kdb_util . +It accomplishes this by +determining if database is older than the +.B database.dump.ok +file created by +.I kdb_util +during the slave dump operation. If it is older, the dump did not +succeed or is not yet finished. If the dump did not complete successfully +or has not yet completed, the master database is not transferred to any +Kerberos slave. Otherwise, +.I kprop +determines, for each slave server listed +in the slaves file, whether or not the database has changed since the last +successful transfer to the slave. It determines this for slave server +.I cactus +by comparing the modification time of the +.I cactus-last-prop +file, which is stored in the same directory as the slaves file, +with the modification time of database. 
If the +.I /etc/cactus-last-prop +file +is newer, then the database, need not be transferred to +.IR cactus . +Finally, +.I kprop +propagates the database to those servers which need a new +copy of the database and updates the modification time of the +.I /etc/server-last-prop +file for these slave servers. +.PP +If the +.B \-safe +option is specified, the data sent over the network is guaranteed to be +authenticated at the destination and protected against modifications +in transit. That is, kprop and kpropd, which are Kerberos princi- +pals, become Kerberos-authenticated to each other and send messages +formatted by krb_mk_safe. +.PP +If the +.B \-clear +option is specified, all of the data will be sent in cleartext (unencrypted). +This switch is useful when first setting up the Kerberos environment. +.PP +If the +.B \-realm +option is specified, its argument is used as the current realm name rather +than the default specified in +.B krb.conf(5) +file. +.PP +If the +.B \-force +option is specified, +.B kprop +is forced to propagate the Kerberos database to the slaves, even if there are +no recent changes to the database. Without the force flag, the Kerberos +database is not propagated if the database file has not changed since the last +successful transfer. +.SH BUGS +This utility does not support the transfer of encrypted data. + +The +.B -clear +and +.B -safe +options are not implemented. + +.SH "SEE ALSO" +kerberos(1), kpropd(8) +.br +``A Subsystem Utilities Package for UNIX'' by Ken Raeburn diff --git a/kerberosIV/kpropd/Makefile b/kerberosIV/kpropd/Makefile index 3d12f9af527..ca125810852 100644 --- a/kerberosIV/kpropd/Makefile +++ b/kerberosIV/kpropd/Makefile @@ -1,9 +1,9 @@ -# $Id: Makefile,v 1.1.1.1 1995/12/14 06:52:52 tholo Exp $ +# $Id: Makefile,v 1.2 1997/06/29 07:21:19 deraadt Exp $ PROG= kpropd LDADD+= -lkrb -ldes DPADD+= ${LIBKRB} ${LIBDES} -NOMAN= noman +MAN= kpropd.8 BINDIR=/usr/libexec .include <bsd.prog.mk> 
diff --git a/kerberosIV/kpropd/kpropd.8 b/kerberosIV/kpropd/kpropd.8 new file mode 100644 index 00000000000..e1a148b4f11 --- /dev/null +++ b/kerberosIV/kpropd/kpropd.8 
@@ -0,0 +1,79 @@ +.\" +.\" +.\" +.TH KPROPD 8 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +kpropd \- network utility for Kerberos database propagation +.SH SYNOPSIS +.B kpropd [-r realm] [-s srvtab] [-d database_file] [-l logfile] [-p kdb_util_path] output_file +.SH DESCRIPTION +This daemon runs on a Kerberos slave and waits to receive the +Kerberos database propagated from a +.I kprop +process on a Kerberos master. +The first parameter, +.BR output_file , +that you must supply to the daemon is the name of a text file in which +data will be placed when it comes over the network. + +This utility executes the +.I kdb_util +utility, which loads the database +from the file specified in +.BR output_file , +puts it in +.I db(3) +format, and copies it into the Kerberos database in the directory +.IR /etc/kerberosIV . +.SH OPTIONS +.TP 7 +.B \-r +Specifies the reciever realm for which data is accepted; +.I /etc/krb.conf +specifies the default. +.TP +.B \-s +Specifies the service table file from which to read the password +of the daemon, because a password cannot be entered manually when +running as a daemon. The default is: +.IR /etc/kerberosIV/srvtab . +.TP +.B \-d +Specifies the primary Kerberos database file of a +Kerberos slave. +This file receives a new or updated +database propagated from the Kerberos master. +The default is the database in the directory +.IR /etc/kerberosIV , +The file is: +.IR principal.db . +.TP +.B \-l +Specifies the name of the log file to be used. The default is: +.IR /var/log/kpropd.log . +.TP +.B \-p +Specificies the full path (with directory and command) to the program +.IR kdb_util . +The default is just: +.I kdb_util +which relies on the PATH environment variable to be searched to find it. +.TP +.B \-P +Synonym for +.BR \-p . +.SH BUGS +This utility does not support the transfer of encrypted data. 
+ +If the +.B \-P +or +.B \-p +options are not specified and the PATH environment variable does not +contain the directory with +.IR kdb_util , +this program will fail. +.SH "SEE ALSO" +kerberos(1), kprop(8) +.br +``A Subsystem Utilities Package for UNIX'' by Ken Raeburn |
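Review bot: In kprop.8 the DESCRIPTION paragraphs for \-safe and \-clear read as if both options work ("the data sent over the network is guaranteed to be authenticated at the destination and protected against modifications in transit"), while the BUGS section of the same page says "The -clear and -safe options are not implemented." An administrator who reads only the option text would assume integrity protection on the propagated database that the page itself says is not there; suggest marking each option paragraph as not implemented, or dropping the options from SYNOPSIS until they exist. Separately, the SYNOPSIS line begins ".B kadmin database slaves_file" although the command being documented is kprop, and the last-prop file is first described as stored in the same directory as the slaves file but then written as /etc/cactus-last-prop and /etc/server-last-prop; the page should settle on one location.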
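Review bot: In kpropd.8 the \-p entry documents a default of bare kdb_util "which relies on the PATH environment variable to be searched to find it", and the BUGS section only covers the case where that lookup fails. Since this daemon executes kdb_util to load the received database into /etc/kerberosIV, the page should recommend always passing \-p with a full path, so that the program that gets run does not depend on the environment the daemon was started in. Smaller points in the same hunk: \-P is listed under OPTIONS but missing from the SYNOPSIS line, and "reciever" and "Specificies" are misspelled.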