FreeBSD Manual Pages
IPROP(8) System Manager's Manual IPROP(8) NAME iprop, ipropd-master, ipropd-slave -- propagate transactions from a Heimdal Kerberos master KDC to slave KDCs SYNOPSIS ipropd-master [-c string | --config-file=string] [-r string | --realm=string] [-k kspec | --keytab=kspec] [-d file | --database=file] [--slave-stats-file=file] [--time-missing=time] [--time-gone=time] [--detach] [--version] [--help] ipropd-slave [-c string | --config-file=string] [-r string | --realm=string] [-k kspec | --keytab=kspec] [--time-lost=time] [--detach] [--version] [--help] master DESCRIPTION ipropd-master is used to propagate changes to a Heimdal Kerberos data- base from the master Kerberos server on which it runs to slave Kerberos servers running ipropd-slave. The slaves are specified by the contents of the slaves file in the KDC's database directory, e.g. /var/heimdal/slaves. This has princi- pals one per-line of the form iprop/slave@REALM where slave is the hostname of the slave server in the given REALM, e.g. iprop/kerberos-1.example.com@EXAMPLE.COM On a slave, the argument master specifies the hostname of the master server from which to receive updates. In contrast to hprop(8), which sends the whole database to the slaves regularly, iprop normally sends only the changes as they happen on the master. The master keeps track of all the changes by assigning a ver- sion number to every transaction to the database. The slaves know which was the latest version they saw, and in this way it can be deter- mined if they are in sync or not. A log of all the transactions is kept on the master. When a slave is at an older version than the old- est one in the log, the whole database has to be sent. The log of transactions is also used to implement a two-phase commit (with roll-forward for recovery) method of updating the HDB. Transac- tions are first recorded in the log, then in the HDB, then the log is updated to mark the transaction as committed. The changes are propagated over a secure channel (on port 2121 by de- fault). This should normally be defined as "iprop/tcp" in /etc/services or another source of the services database. The master and slaves must each have access to a keytab with keys for the iprop service principal on the local host. There is a keep-alive feature logged in the master's slave-stats file (e.g. /var/heimdal/slave-stats). Supported options for ipropd-master: -c string, --config-file=string -r string, --realm=string -k kspec, --keytab=kspec keytab to get authentication from -d file, --database=file Database (default per KDC) --slave-stats-file=file file for slave status information --time-missing=time time before slave is polled for presence (default 2 min) --time-gone=time time of inactivity after which a slave is considered gone (de- fault 5 min) --detach detach from console --version --help Supported options for ipropd-slave: -c string, --config-file=string -r string, --realm=string -k kspec, --keytab=kspec keytab to get authentication from --time-lost=time time before server is considered lost (default 5 min) --detach detach from console --version --help Time arguments for the relevant options above may be specified in forms like 5 min, 300 s, or simply a number of seconds. FILES slaves, slave-stats in the database directory. ipropd-master.pid, ipropd-slave.pid in the database directory, or in the directory named by the HEIM_PIDFILE_DIR environment variable. SEE ALSO krb5.conf(5), hprop(8), hpropd(8), iprop-log(8), kdc(8). FreeBSD Ports 14.quarterly May 24, 2005 IPROP(8)
NAME | SYNOPSIS | DESCRIPTION | FILES | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=ipropd-master&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>