SYNOPSIS
-words [-m file | --master-key= file ] [-d file | --database= file ] [--source= heimdal|mit-dump ] [-r string | --v4-realm= string ] [-c cell | --cell= cell ] [-k keytab | --keytab= keytab ] [-R string | --v5-realm= string ] [-D | --decrypt ] [-E | --encrypt ] [-n | --stdout ] [-v | --verbose ] [--version ] [-h | --help ] [host [: port ] ] ...DESCRIPTION
takes a principal database in a specified format and converts it into a stream of Heimdal database records. This stream can either be written to standard out, or (more commonly) be propagated to a hpropd(8) server running on a different machine.If propagating, it connects to all hosts specified on the command by opening a TCP connection to port 754 (service hprop) and sends the database in encrypted form.
Supported options:
- -m file , --master-key= file
- Where to find the master key to encrypt or decrypt keys with.
- -d file , --database= file
- The database to be propagated.
- --source= heimdal|mit-dump|krb4-dump|kaserver
-
Specifies the type of the source database. Alternatives include:
- heimdal
- a Heimdal database
- mit-dump
- a MIT Kerberos 5 dump file
+.It Fl k Ar keytab , Fl Fl keytab= Ns Ar keytab The keytab to use for fetching the key to be used for authenticating to the propagation daemon(s). The key hprop/hostname is used from this keytab. The default is to fetch the key from the KDC database.
- -R string , --v5-realm= string
- Local realm override.
- -D , --decrypt
- The encryption keys in the database can either be in clear, or encrypted with a master key. This option transmits the database with unencrypted keys.
- -E , --encrypt
- This option transmits the database with encrypted keys.
- -n , --stdout
- Dump the database on stdout, in a format that can be fed to hpropd.
EXAMPLES
The following will propagate a database to another machine (which should run hpropd(8)):$ hprop slave-1 slave-2