update with reality
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8405 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
177
kdc/hprop.8
177
kdc/hprop.8
@@ -1,6 +1,6 @@
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Dd September 3, 1997
|
||||
.Dd June 19, 2000
|
||||
.Dt HPROP 8
|
||||
.Os HEIMDAL
|
||||
.Sh NAME
|
||||
@@ -9,58 +9,159 @@
|
||||
propagate the KDC database
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Op Fl 4DEhnv
|
||||
.Op Fl d Ar file
|
||||
.Op Fl -database= Ns Ar file
|
||||
.Op Fl -decrypt
|
||||
.Op Fl -encrypt
|
||||
.Op Fl -help
|
||||
.Op Fl k
|
||||
.Op Fl -keytab= Ns Ar file
|
||||
.Op Fl m Ar file
|
||||
.Op Fl -master-key= Ns Ar file
|
||||
.Op Fl -stdout
|
||||
.Op Fl -v4-db
|
||||
.Op Fl -verbose
|
||||
.Oo Fl m Ar file \*(Ba Xo
|
||||
.Fl -master-key= Ns Pa file Oc
|
||||
.Xc
|
||||
.Oo Fl d Ar file \*(Ba Xo
|
||||
.Fl -database= Ns Pa file Oc
|
||||
.Xc
|
||||
.Op Fl -source= Ns Ar heimdal|krb4-db|krb4-dump
|
||||
.Op Fl 4 | Fl -v4-db
|
||||
.Op Fl K | Fl -ka-db
|
||||
.Oo Fl c Ar cell \*(Ba Xo
|
||||
.Fl -cell= Ns Ar cell Oc
|
||||
.Xc
|
||||
.Op Fl S | Fl -kaspecials
|
||||
.Oo Fl r Ar string \*(Ba Xo
|
||||
.Fl -v4-realm= Ns Ar string Oc
|
||||
.Xc
|
||||
.Oo Fl k Ar keytab \*(Ba Xo
|
||||
.Fl -keytab= Ns Ar keytab Oc
|
||||
.Xc
|
||||
.Oo Fl R Ar string \*(Ba Xo
|
||||
.Fl -v5-realm= Ns Ar string Oc
|
||||
.Xc
|
||||
.Op Fl D | Fl -decrypt
|
||||
.Op Fl E | Fl -encrypt
|
||||
.Op Fl n | Fl -stdout
|
||||
.Oo Fl p Ar integer \*(Ba Xo
|
||||
.Fl -port= Ns Ar integer Oc
|
||||
.Xc
|
||||
.Op Fl v | Fl -verbose
|
||||
.Op Fl -version
|
||||
.Op Fl h | Fl -help
|
||||
.Ar host ...
|
||||
.Sh DESCRIPTION
|
||||
.Nm
|
||||
propagates the database from a master KDC to a slave. It connects to
|
||||
all
|
||||
takes a principal database in a specified format and converts it into
|
||||
a stream of Heimdal database records. This stream can either be
|
||||
written to standard out, or (more commonly) be propagated to a
|
||||
.Xr hpropd 8
|
||||
server running on a different machine.
|
||||
.Pp
|
||||
If propagating, it connects to all
|
||||
.Ar hosts
|
||||
specified on the command by opening a TCP connection to port 754
|
||||
(service hprop) and sends the database in encrypted form.
|
||||
.Pp
|
||||
Options supported:
|
||||
Supported options:
|
||||
.Bl -tag -width Ds
|
||||
.It Fl d Ar file
|
||||
.It Fl -database= Ns Ar file
|
||||
.It Xo
|
||||
.Fl m Ar file Ns ,
|
||||
.Fl -master-key= Ns Pa file
|
||||
.Xc
|
||||
Where to find the master key to encrypt or decrypt keys with.
|
||||
.It Xo
|
||||
.Fl d Ar file Ns ,
|
||||
.Fl -database= Ns Pa file
|
||||
.Xc
|
||||
The database to be propagated.
|
||||
.It Fl D
|
||||
.It Fl -decrypt
|
||||
The encryption keys in the database can either be in clear, or
|
||||
encrypted with a master key. This option thansmits the database with
|
||||
unencrypted keys.
|
||||
.It Fl E
|
||||
.It Fl -encrypt
|
||||
This option thansmits the database with encrypted keys.
|
||||
.It Fl k
|
||||
.It Fl -keytab= Ns Ar file
|
||||
.It Xo
|
||||
.Fl -source= Ns Ar heimdal|krb4-db|krb4-dump
|
||||
.Xc
|
||||
Specifies the type of the source database. Alternaves include:
|
||||
.Bl -tag -width krb4-dump
|
||||
.It heimdal
|
||||
a Heimdal database
|
||||
.\" .It mit-dump
|
||||
.\" a MIT Kerberos 5 dump file
|
||||
.It krb4-db
|
||||
a Kerberos 4 database
|
||||
.It krb4-dump
|
||||
a Kerberos 4 dump file
|
||||
.It kaserver
|
||||
a Transarc kaserver database
|
||||
.El
|
||||
.It Xo
|
||||
.Fl k Ar keytab Ns ,
|
||||
.Fl -keytab= Ns Ar keytab
|
||||
.Xc
|
||||
The keytab to use for fetching the key to be used for authenticating
|
||||
to the propagation daemon(s). The key
|
||||
.Pa kadmin/hprop
|
||||
is used from this keytab.
|
||||
.It Fl m Ar file
|
||||
.It Fl -master-key= Ns Ar file
|
||||
Where to find the master key to encrypt or decrypt keys with.
|
||||
.It Fl n
|
||||
.It Fl -stdout
|
||||
.It Xo
|
||||
.Fl R Ar string Ns ,
|
||||
.Fl -v5-realm= Ns Ar string
|
||||
.Xc
|
||||
Local realm override.
|
||||
.It Xo
|
||||
.Fl D Ns ,
|
||||
.Fl -decrypt
|
||||
.Xc
|
||||
The encryption keys in the database can either be in clear, or
|
||||
encrypted with a master key. This option thansmits the database with
|
||||
unencrypted keys.
|
||||
.It Xo
|
||||
.Fl E Ns ,
|
||||
.Fl -encrypt
|
||||
.Xc
|
||||
This option thansmits the database with encrypted keys.
|
||||
.It Xo
|
||||
.Fl n Ns ,
|
||||
.Fl -stdout
|
||||
.Xc
|
||||
Dump the database on stdout, in a format that can be fed to hpropd.
|
||||
.It Fl 4
|
||||
.It Fl -v4-db
|
||||
Use a version 4 database. This option is only available if the code is
|
||||
compiled with Kerberos 4 support.
|
||||
.El
|
||||
|
||||
The following options are only valid if
|
||||
.Nm hprop
|
||||
is compiled with support for Kerberos 4 (and kaserver).
|
||||
.Bl -tag -width Ds
|
||||
.It Xo
|
||||
.Fl 4 Ns ,
|
||||
.Fl -v4-db
|
||||
.Xc
|
||||
Deprecated, identical to
|
||||
.Sq --source=krb4-db .
|
||||
.It Xo
|
||||
.Fl K Ns ,
|
||||
.Fl -ka-db
|
||||
.Xc
|
||||
Deprecated, identical to
|
||||
.Sq --source=kaserver .
|
||||
.It Xo
|
||||
.Fl r Ar string Ns ,
|
||||
.Fl -v4-realm= Ns Ar string
|
||||
.Xc
|
||||
v4 realm to use
|
||||
.It Xo
|
||||
.Fl c Ar cell Ns ,
|
||||
.Fl -cell= Ns Ar cell
|
||||
.Xc
|
||||
The AFS cell name, used if reading a kaserver database.
|
||||
.It Xo
|
||||
.Fl S Ns ,
|
||||
.Fl -kaspecials
|
||||
.Xc
|
||||
Also dump the principals marked as special in the kaserver database.
|
||||
.El
|
||||
|
||||
.Sh EXAMPLES
|
||||
The following will propagate a database to another machine (which
|
||||
should run hprop):
|
||||
.Bd -literal -offset indent
|
||||
$ hprop slave-1 slave-2
|
||||
.Ed
|
||||
|
||||
Copy a Kerberos 4 database to a Kerberos 5 slave:
|
||||
.Bd -literal -offset indent
|
||||
$ hprop -4 -E krb5-slave
|
||||
.Ed
|
||||
|
||||
Convert a Kerberos 4 database for use with a Heimdal KDC:
|
||||
.Bd -literal -offset indent
|
||||
$ hprop -n -4 -E | hpropd -n
|
||||
.Ed
|
||||
.Sh SEE ALSO
|
||||
.Xr hpropd 8
|
||||
|
||||
Reference in New Issue
Block a user