oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

update with reality

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8405 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
2000-06-19 15:46:49 +00:00
parent 833fad9cb0
commit 53b8d5862f
1 changed files with 139 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
kdc/hprop.8
View File

@@ -1,6 +1,6 @@
.\" $Id$ .\" $Id$
.\" .\"
.Dd September 3, 1997 .Dd June 19, 2000
.Dt HPROP 8 .Dt HPROP 8
.Os HEIMDAL .Os HEIMDAL
.Sh NAME .Sh NAME
@@ -9,58 +9,159 @@
propagate the KDC database propagate the KDC database
.Sh SYNOPSIS .Sh SYNOPSIS
.Nm .Nm
.Op Fl 4DEhnv .Oo Fl m Ar file \*(Ba Xo
.Op Fl d Ar file .Fl -master-key= Ns Pa file Oc
.Op Fl -database= Ns Ar file .Xc
.Op Fl -decrypt .Oo Fl d Ar file \*(Ba Xo
.Op Fl -encrypt .Fl -database= Ns Pa file Oc
.Op Fl -help .Xc
.Op Fl k .Op Fl -source= Ns Ar heimdal|krb4-db|krb4-dump
.Op Fl -keytab= Ns Ar file .Op Fl 4 | Fl -v4-db
.Op Fl m Ar file .Op Fl K | Fl -ka-db
.Op Fl -master-key= Ns Ar file .Oo Fl c Ar cell \*(Ba Xo
.Op Fl -stdout .Fl -cell= Ns Ar cell Oc
.Op Fl -v4-db .Xc
.Op Fl -verbose .Op Fl S | Fl -kaspecials
.Oo Fl r Ar string \*(Ba Xo
.Fl -v4-realm= Ns Ar string Oc
.Xc
.Oo Fl k Ar keytab \*(Ba Xo
.Fl -keytab= Ns Ar keytab Oc
.Xc
.Oo Fl R Ar string \*(Ba Xo
.Fl -v5-realm= Ns Ar string Oc
.Xc
.Op Fl D | Fl -decrypt
.Op Fl E | Fl -encrypt
.Op Fl n | Fl -stdout
.Oo Fl p Ar integer \*(Ba Xo
.Fl -port= Ns Ar integer Oc
.Xc
.Op Fl v | Fl -verbose
.Op Fl -version .Op Fl -version
.Op Fl h | Fl -help
.Ar host ... .Ar host ...
.Sh DESCRIPTION .Sh DESCRIPTION
.Nm .Nm
propagates the database from a master KDC to a slave. It connects to takes a principal database in a specified format and converts it into
all a stream of Heimdal database records. This stream can either be
written to standard out, or (more commonly) be propagated to a
.Xr hpropd 8
server running on a different machine.
.Pp
If propagating, it connects to all
.Ar hosts .Ar hosts
specified on the command by opening a TCP connection to port 754 specified on the command by opening a TCP connection to port 754
(service hprop) and sends the database in encrypted form. (service hprop) and sends the database in encrypted form.
.Pp .Pp
Options supported: Supported options:
.Bl -tag -width Ds .Bl -tag -width Ds
.It Fl d Ar file .It Xo
.It Fl -database= Ns Ar file .Fl m Ar file Ns ,
.Fl -master-key= Ns Pa file
.Xc
Where to find the master key to encrypt or decrypt keys with.
.It Xo
.Fl d Ar file Ns ,
.Fl -database= Ns Pa file
.Xc
The database to be propagated. The database to be propagated.
.It Fl D .It Xo
.It Fl -decrypt .Fl -source= Ns Ar heimdal|krb4-db|krb4-dump
The encryption keys in the database can either be in clear, or .Xc
encrypted with a master key. This option thansmits the database with Specifies the type of the source database. Alternaves include:
unencrypted keys. .Bl -tag -width krb4-dump
.It Fl E .It heimdal
.It Fl -encrypt a Heimdal database
This option thansmits the database with encrypted keys. .\" .It mit-dump
.It Fl k .\" a MIT Kerberos 5 dump file
.It Fl -keytab= Ns Ar file .It krb4-db
a Kerberos 4 database
.It krb4-dump
a Kerberos 4 dump file
.It kaserver
a Transarc kaserver database
.El
.It Xo
.Fl k Ar keytab Ns ,
.Fl -keytab= Ns Ar keytab
.Xc
The keytab to use for fetching the key to be used for authenticating The keytab to use for fetching the key to be used for authenticating
to the propagation daemon(s). The key to the propagation daemon(s). The key
.Pa kadmin/hprop .Pa kadmin/hprop
is used from this keytab. is used from this keytab.
.It Fl m Ar file .It Xo
.It Fl -master-key= Ns Ar file .Fl R Ar string Ns ,
Where to find the master key to encrypt or decrypt keys with. .Fl -v5-realm= Ns Ar string
.It Fl n .Xc
.It Fl -stdout Local realm override.
.It Xo
.Fl D Ns ,
.Fl -decrypt
.Xc
The encryption keys in the database can either be in clear, or
encrypted with a master key. This option thansmits the database with
unencrypted keys.
.It Xo
.Fl E Ns ,
.Fl -encrypt
.Xc
This option thansmits the database with encrypted keys.
.It Xo
.Fl n Ns ,
.Fl -stdout
.Xc
Dump the database on stdout, in a format that can be fed to hpropd. Dump the database on stdout, in a format that can be fed to hpropd.
.It Fl 4
.It Fl -v4-db
Use a version 4 database. This option is only available if the code is
compiled with Kerberos 4 support.
.El .El
The following options are only valid if
.Nm hprop
is compiled with support for Kerberos 4 (and kaserver).
.Bl -tag -width Ds
.It Xo
.Fl 4 Ns ,
.Fl -v4-db
.Xc
Deprecated, identical to
.Sq --source=krb4-db .
.It Xo
.Fl K Ns ,
.Fl -ka-db
.Xc
Deprecated, identical to
.Sq --source=kaserver .
.It Xo
.Fl r Ar string Ns ,
.Fl -v4-realm= Ns Ar string
.Xc
v4 realm to use
.It Xo
.Fl c Ar cell Ns ,
.Fl -cell= Ns Ar cell
.Xc
The AFS cell name, used if reading a kaserver database.
.It Xo
.Fl S Ns ,
.Fl -kaspecials
.Xc
Also dump the principals marked as special in the kaserver database.
.El
.Sh EXAMPLES
The following will propagate a database to another machine (which
should run hprop):
.Bd -literal -offset indent
$ hprop slave-1 slave-2
.Ed
Copy a Kerberos 4 database to a Kerberos 5 slave:
.Bd -literal -offset indent
$ hprop -4 -E krb5-slave
.Ed
Convert a Kerberos 4 database for use with a Heimdal KDC:
.Bd -literal -offset indent
$ hprop -n -4 -E | hpropd -n
.Ed
.Sh SEE ALSO .Sh SEE ALSO
.Xr hpropd 8 .Xr hpropd 8