While setting up kpropd on a machine that is going to act as a secondary KDC for multiple realms, I needed a way to specify a location to the realm-specific kpropd.acl. I found it in the `-a acl_file' option to kpropd, but it turns out that option is not documented in the kpropd man page. I have a patch that adds some verbiage about the option. I also noticed that `-s srvtab' is not documented in the man page, but I'm not certain what the right verbiage is to include in the man page, so I have not added that. If someone wants to give me a short blurb with what the man page would say, I'll doctor up the man page to include that too. Finally, the parsing of the `-a' option in kpropd.c has a minor formatting issue, so that the case 'a': appears indented too far (it's hiding under the "case 'S':", and is easy to miss). This doesn't affect functionality at all, it only affects people viewing the source. Tim -- Tim Mooney mooney@dogbert.cc.ndsu.NoDak.edu Information Technology Services (701) 231-1076 (Voice) Room 242-J6, IACC Building (701) 231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 diff -ur krb5-1.3.1.orig/src/slave/kpropd.M krb5-1.3.1/src/slave/kpropd.M --- krb5-1.3.1.orig/src/slave/kpropd.M 2001-09-24 18:09:24.000000000 -0500 +++ krb5-1.3.1/src/slave/kpropd.M 2003-12-23 16:45:53.000000000 -0600 @@ -119,11 +119,19 @@ .I kpropd to listen on. This is only useful if the program is run in standalone mode. +.TP +.B \-a +allows the user to specify the path to the +.IR kpropd.acl +file; by default the path used is KPROPD_ACL_FILE +(normally /usr/local/var/krb5kdc/kpropd.acl). .SH FILES .TP "\w'kpropd.acl\ \ 'u" kpropd.acl Access file for -.BR kpropd . +.BR kpropd +, the default location is KPROPD_ACL_FILE (normally +/usr/local/var/krb5kdc/kpropd.acl). Each entry is a line containing the principal of a host from which the local machine will allow Kerberos database propagation via kprop. .SH SEE ALSO diff -ur krb5-1.3.1.orig/src/slave/kpropd.c krb5-1.3.1/src/slave/kpropd.c --- krb5-1.3.1.orig/src/slave/kpropd.c 2001-12-06 13:02:05.000000000 -0600 +++ krb5-1.3.1/src/slave/kpropd.c 2003-12-23 17:01:28.000000000 -0600 @@ -478,7 +478,7 @@ case 'S': standalone++; break; - case 'a': + case 'a': if (*word) acl_file_name = word; else