Provided by: heimdal-kdc_1.6~git20131207+dfsg-1ubuntu1.2_amd64 bug

NAME
       iprop, ipropd-master, ipropd-slave — propagate changes to a Heimdal Kerberos master KDC to slave KDCs


SYNOPSIS
       ipropd-master [-c string | --config-file=string] [-r string | --realm=string] [-k kspec | --keytab=kspec]
                     [-d     file    |    --database=file]    [--slave-stats-file=file]    [--time-missing=time]
                     [--time-gone=time] [--detach] [--version] [--help]
       ipropd-slave [-c string | --config-file=string] [-r string | --realm=string] [-k kspec |  --keytab=kspec]
                     [--time-lost=time] [--detach] [--version] [--help] master


DESCRIPTION
       ipropd-master is used to propagate changes to a Heimdal Kerberos database from the master Kerberos server
       on which it runs to slave Kerberos servers running ipropd-slave.

       The  slaves  are  specified  by  the  contents  of  the slaves file in the KDC's database directory, e.g.
       /var/heimdal/slaves.  This has principals one per-line of the form
             iprop/slave@REALM
       where slave is the hostname of the slave server in the given REALM, e.g.
             iprop/kerberos-1.example.com@EXAMPLE.COM
       On a slave, the argument master specifies the hostname  of  the  master  server  from  which  to  receive
       updates.

       In  contrast  to  hprop(8),  which sends the whole database to the slaves regularly, iprop normally sends
       only the changes as they happen on the master.  The master keeps track of all the changes by assigning  a
       version  number  to every change to the database.  The slaves know which was the latest version they saw,
       and in this way it can be determined if they are in sync or not.  A log of all the changes is kept on the
       master.  When a slave is at an older version than the oldest one in the log, the whole database has to be
       sent.

       The changes are propagated over a secure channel (on port 2121 by  default).   This  should  normally  be
       defined  as  “iprop/tcp”  in  /etc/services  or  another source of the services database.  The master and
       slaves must each have access to a keytab with keys for the iprop service principal on the local host.

       There is a keep-alive feature logged in the master's slave-stats file (e.g. /var/heimdal/slave-stats).

       Supported options for ipropd-master:

       -c string, --config-file=string

       -r string, --realm=string

       -k kspec, --keytab=kspec
               keytab to get authentication from

       -d file, --database=file
               Database (default per KDC)

       --slave-stats-file=file
               file for slave status information

       --time-missing=time
               time before slave is polled for presence (default 2 min)

       --time-gone=time
               time of inactivity after which a slave is considered gone (default 5 min)

       --detach
               detach from console

       --version

       --help

       Supported options for ipropd-slave:

       -c string, --config-file=string

       -r string, --realm=string

       -k kspec, --keytab=kspec
               keytab to get authentication from

       --time-lost=time
               time before server is considered lost (default 5 min)

       --detach
               detach from console

       --version

       --help
       Time arguments for the relevant options above may be specified in forms like 5 min, 300 s,  or  simply  a
       number of seconds.


FILES
       slaves, slave-stats in the database directory.


SEE ALSO
       krb5.conf(5), hprop(8), hpropd(8), iprop-log(8), kdc(8).

Heimdal                                           May 24, 2005                                          IPROP(8)