
Propagating the Kerberos Server
The mkpropcf Tool
Chapter 9 249
The mkpropcf Tool
The /opt/krb5/install/mkpropcf tool creates the kpropd.ini file,
which is the default propagation configuration file in a propagation
hierarchy. The mkpropcf tool exports the kpropd.ini file to the
secondary security servers.
When you execute mkpropcf on the primary security server without any
arguments, it creates the krpopd.ini file in the /opt/krb5 directory.
The mkpropcf tool derives the information from the krb.conf file of the
primary security server and takes into account only those security
servers that are configured in the default realm, as specified in the
krb.conf file.
NOTE If the Kerberos configuration file, krb.conf, does not exist, mkpropcf
creates a sample kpropd.ini file with 1 primary security server and 10
secondary security servers.
The general syntax for creating the kpropd.ini file is as follows:
/opt/krb5/install/mkpropcf [-d] [-e] [-i file_name] [-f]
The mkpropcf tool supports the following options:
-d Deletes the existing the kpropd.ini file.
-e Exports the information in the
/opt/krb5/admin/kpropd.ini file into the temporary
/opt/krb5/export.ini file on the primary security
server. You must manually copy this file to the
secondary security server.
-i Imports the information from the temporary
export.ini file into the kpropd.ini file of the
secondary security server. If the configuration already
exists, use the -f option to force a rewrite of the
kpropd.ini file. If you do not use the -f option,
mkpropcf displays an error message and does not
create the new configuration file.