DESCRIPTION
hprop takes a principal database in a specified format and converts it into a stream of Heimdal database records. This stream can either be written to standard out, or (more commonly) be propagated to a
hpropd(8) server running on a different machine.
If propagating, it connects to all hosts specified on the command by opening a TCP connection to port 754 (service hprop) and sends the database in encrypted form.
Supported options:
-
-m file, --master-key=file
-
Where to find the master key to encrypt or decrypt keys with.
-
-d file, --database=file
-
The database to be propagated.
-
--source=heimdal|mit-dump|krb4-dump|kaserver
-
Specifies the type of the source database. Alternatives include:
-
heimdal
-
a Heimdal database
-
mit-dump
-
a MIT Kerberos 5 dump file
+.It Fl k Ar keytab , Fl -keytab= Ns Ar keytab The keytab to use for fetching the key to be used for authenticating to the propagation daemon(s). The key hprop/hostname is used from this keytab. The default is to fetch the key from the KDC database.
-
-R string, --v5-realm=string
-
Local realm override.
-
-D, --decrypt
-
The encryption keys in the database can either be in clear, or encrypted with a master key. This option transmits the database with unencrypted keys.
-
-E, --encrypt
-
This option transmits the database with encrypted keys.
-
-n, --stdout
-
Dump the database on stdout, in a format that can be fed to hpropd.