takes a principal database in a specified format and converts it into
a stream of Heimdal database records. This stream can either be
written to standard out, or (more commonly) be propagated to a
hpropd(8)
server running on a different machine.
If propagating, it connects to all
hosts
specified on the command by opening a TCP connection to port 754
(service hprop) and sends the database in encrypted form.
Supported options:
-m file
--master-key= file
Where to find the master key to encrypt or decrypt keys with.
Specifies the type of the source database. Alternatives include:
heimdal
a Heimdal database
mit-dump
a MIT Kerberos 5 dump file
krb4-db
a Kerberos 4 database
krb4-dump
a Kerberos 4 dump file
kaserver
an AFS kaserver database
-k keytab
--keytab= keytab
The keytab to use for fetching the key to be used for authenticating
to the propagation daemon(s). The key
kadmin/hprop
is used from this keytab. The default is to fetch the key from the
KDC database.
-R string
--v5-realm= string
Local realm override.
-D
--decrypt
The encryption keys in the database can either be in clear, or
encrypted with a master key. This option transmits the database with
unencrypted keys.
-E
--encrypt
This option transmits the database with encrypted keys.
-n
--stdout
Dump the database on stdout, in a format that can be fed to hpropd.
The following options are only valid if
hprop
is compiled with support for Kerberos 4 (kaserver).
-r string
--v4-realm= string
v4 realm to use.
-c cell
--cell= cell
The AFS cell name, used if reading a kaserver database.
-S
--kaspecials
Also dump the principals marked as special in the kaserver database.
-4
--v4-db
Deprecated, identical to
`--source=krb4-db'
-K
--ka-db
Deprecated, identical to
`--source=kaserver'
EXAMPLES
The following will propagate a database to another machine (which
should run
hpropd(8)):
$ hprop slave-1 slave-2
Copy a Kerberos 4 database to a Kerberos 5 slave:
$ hprop --source=krb4-db -E krb5-slave
Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
