[**-r** *realm*]
[**-m**]
[**-nofork**]
+[**-proponly**]
[**-port** *port-number*]
[**-P** *pid_file*]
[**-p** *kdb5_util_path*]
associated to the terminal. In normal operation, you should allow
the server to place itself in the background.
+**-proponly**
+ causes the server to only listen and respond to Kerberos slave
+ incremental propagation polling requests. This option can be used
+ to set up a hierarchical propagation topology where a slave KDC
+ provides incremental updates to other Kerberos slaves.
+
**-port** *port-number*
specifies the port on which the administration server listens for
connections. The default port is determined by the
{
fprintf(stderr, _("Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] "
"[-port port-number]\n"
- "\t\t[-p path-to-kdb5_util] [-F dump-file]\n"
+ "\t\t[-proponly] [-p path-to-kdb5_util] [-F dump-file]\n"
"\t\t[-K path-to-kprop] [-P pid_file]\n"
"\nwhere,\n\t[-x db_args]* - any number of database "
"specific arguments.\n"
return st1 ? st1 : st2;
}
-/* Set up the main loop. May set *ctx_out even on error. */
+/* Set up the main loop. If proponly is set, don't set up ports for kpasswd or
+ * kadmin. May set *ctx_out even on error. */
static krb5_error_code
-setup_loop(verto_ctx **ctx_out)
+setup_loop(int proponly, verto_ctx **ctx_out)
{
krb5_error_code ret;
verto_ctx *ctx;
ret = loop_setup_signals(ctx, global_server_handle, NULL);
if (ret)
return ret;
- ret = loop_add_udp_port(handle->params.kpasswd_port);
- if (ret)
- return ret;
- ret = loop_add_tcp_port(handle->params.kpasswd_port);
- if (ret)
- return ret;
- ret = loop_add_rpc_service(handle->params.kadmind_port, KADM, KADMVERS,
- kadm_1);
- if (ret)
- return ret;
+ if (!proponly) {
+ ret = loop_add_udp_port(handle->params.kpasswd_port);
+ if (ret)
+ return ret;
+ ret = loop_add_tcp_port(handle->params.kpasswd_port);
+ if (ret)
+ return ret;
+ ret = loop_add_rpc_service(handle->params.kadmind_port, KADM, KADMVERS,
+ kadm_1);
+ if (ret)
+ return ret;
+ }
#ifndef DISABLE_IPROP
if (handle->params.iprop_enabled) {
ret = loop_add_rpc_service(handle->params.iprop_port, KRB5_IPROP_PROG,
verto_ctx *vctx;
const char *pid_file = NULL;
char **db_args = NULL, **tmpargs;
- int ret, i, db_args_size = 0, strong_random = 1;
+ int ret, i, db_args_size = 0, strong_random = 1, proponly = 0;
setlocale(LC_ALL, "");
setvbuf(stderr, NULL, _IONBF, 0);
#ifdef USE_PASSWORD_SERVER
} else if (strcmp(*argv, "-passwordserver") == 0) {
kadm5_set_use_password_server();
+#endif
+#ifndef DISABLE_IPROP
+ } else if (strcmp(*argv, "-proponly") == 0) {
+ proponly = 1;
#endif
} else if (strcmp(*argv, "-port") == 0) {
argc--, argv++;
if (!(params.mask & KADM5_CONFIG_ACL_FILE))
fail_to_start(0, _("Missing required ACL file configuration"));
- ret = setup_loop(&vctx);
+ ret = setup_loop(proponly, &vctx);
if (ret)
fail_to_start(ret, _("initializing network"));