IPROP(8)						    BSD System Manager's Manual 						  IPROP(8)

NAME

     iprop, ipropd-master, ipropd-slave -- propagate changes to a Heimdal Kerberos master KDC to slave KDCs

SYNOPSIS

     ipropd-master [-c string | --config-file=string] [-r string | --realm=string] [-k kspec | --keytab=kspec] [-d file | --database=file]
		   [--slave-stats-file=file] [--time-missing=time] [--time-gone=time] [--detach] [--version] [--help]
     ipropd-slave [-c string | --config-file=string] [-r string | --realm=string] [-k kspec | --keytab=kspec] [--time-lost=time] [--detach]
		   [--version] [--help] master

DESCRIPTION

     ipropd-master is used to propagate changes to a Heimdal Kerberos database from the master Kerberos server on which it runs to slave Kerberos
     servers running ipropd-slave.

     The slaves are specified by the contents of the slaves file in the KDC's database directory, e.g. /var/heimdal/slaves.  This has principals
     one per-line of the form
	   iprop/slave@REALM
     where slave is the hostname of the slave server in the given REALM, e.g.
	   iprop/kerberos-1.example.com@EXAMPLE.COM
     On a slave, the argument master specifies the hostname of the master server from which to receive updates.

     In contrast to hprop(8), which sends the whole database to the slaves regularly, iprop normally sends only the changes as they happen on the
     master.  The master keeps track of all the changes by assigning a version number to every change to the database.	The slaves know which was
     the latest version they saw, and in this way it can be determined if they are in sync or not.  A log of all the changes is kept on the mas-
     ter.  When a slave is at an older version than the oldest one in the log, the whole database has to be sent.

     The changes are propagated over a secure channel (on port 2121 by default).  This should normally be defined as ``iprop/tcp'' in
     /etc/services or another source of the services database.	The master and slaves must each have access to a keytab with keys for the iprop
     service principal on the local host.

     There is a keep-alive feature logged in the master's slave-stats file (e.g. /var/heimdal/slave-stats).

     Supported options for ipropd-master:

     -c string, --config-file=string

     -r string, --realm=string

     -k kspec, --keytab=kspec
	     keytab to get authentication from

     -d file, --database=file
	     Database (default per KDC)

     --slave-stats-file=file
	     file for slave status information

     --time-missing=time
	     time before slave is polled for presence (default 2 min)

     --time-gone=time
	     time of inactivity after which a slave is considered gone (default 5 min)

     --detach
	     detach from console

     --version

     --help

     Supported options for ipropd-slave:

     -c string, --config-file=string

     -r string, --realm=string

     -k kspec, --keytab=kspec
	     keytab to get authentication from

     --time-lost=time
	     time before server is considered lost (default 5 min)

     --detach
	     detach from console

     --version

     --help
     Time arguments for the relevant options above may be specified in forms like 5 min, 300 s, or simply a number of seconds.

FILES

     slaves, slave-stats in the database directory.

SEE ALSO

     krb5.conf(5), hprop(8), hpropd(8), iprop-log(8), kdc(8).

Heimdal 							   May 24, 2005 							   Heimdal