NOTE

Propagation

mkpropcf

mkpropcf

The mkpropcf tool creates the kpropd.ini file, which is the default propagation configuration file in a propagation hierarchy. The mkpropcf tool exports the kpropd.ini file to the secondary servers. This file can be located at the following directory:

/opt/krb5/install/mkpropcf

When the mkpropcf is executed on the primary security server without any arguments, it creates the krpopd.ini file in the /opt/krb5 directory. mkpropcf derives the information from the primary security server’s krb.conf file and takes into account only those security servers that have been configured in the default realm, as specified in the krb.conf file.

If the Kerberos configuration file, krb.conf, does not exist, then mkpropcf creates a sample kpropd.ini file with one primary server and 10 secondary servers.

The general syntax for creating the kpropd.ini file is:

/opt/krb5/install/mkpropcf [-d] [-e] [-i file_name] [-f]

mkpropcf supports the following options:

-d

Deletes the existing the kpropd.ini file

-e

Used on the primary security server to export the

 

information in the /opt/krb5/admin/kpropd.ini file

 

into the temporary /opt/krb5/export.ini file on the

 

primary server. This file then needs to be manually

 

copied to the secondary server.

-i

Run on a secondary security server to import the

 

information from the temporary export.ini file into

 

the secondary server’s kpropd.ini file. If a previous

 

configuration exists, to force re-writing of the

 

kpropd.ini file it must be used with the -foption. If

 

the -foption is not used, mkpropcf displays an error

 

message and does not create the new configuration file.

Chapter 7

215