**-f** *file*
Specifies the filename where the dumped principal database file is
to be found; by default the dumped database file is normally
- |kdcdir|\ ``/slave_datatrans``.
+ |kdcdir|\ ``/replica_datatrans``.
**-P** *port*
Specifies the port to use to contact the :ref:`kpropd(8)` server
Incremental propagation may be enabled with the **iprop_enable**
variable in :ref:`kdc.conf(5)`. If incremental propagation is
enabled, the replica periodically polls the master KDC for updates, at
-an interval determined by the **iprop_slave_poll** variable. If the
+an interval determined by the **iprop_replica_poll** variable. If the
replica receives updates, kpropd updates its log file with any updates
from the master. :ref:`kproplog(8)` can be used to view a summary of
the update entry log on the replica KDC. If incremental propagation
retained for incremental propagation. The default value is 1000.
Prior to release 1.11, the maximum value was 2500.
-**iprop_slave_poll**
+**iprop_replica_poll**
(Delta time string.) Specifies how often the replica KDC polls
for new updates from the master. The default value is ``2m``
- (that is, two minutes).
+ (that is, two minutes). New in release 1.17.
+
+**iprop_slave_poll**
+ (Delta time string.) The name for **iprop_replica_poll** prior to
+ release 1.17. Its value is used as a fallback if
+ **iprop_replica_poll** is not specified.
**iprop_listen**
(Whitespace- or comma-separated list.) Specifies the iprop RPC
====================== =============== ===========================================
iprop_enable *boolean* If *true*, then incremental propagation is enabled, and (as noted below) normal kprop propagation is disabled. The default is *false*.
iprop_master_ulogsize *integer* Indicates the number of entries that should be retained in the update log. The default is 1000; the maximum number is 2500.
-iprop_slave_poll *time interval* Indicates how often the replica should poll the master KDC for changes to the database. The default is two minutes.
+iprop_replica_poll *time interval* Indicates how often the replica should poll the master KDC for changes to the database. The default is two minutes.
iprop_port *integer* Specifies the port number to be used for incremental propagation. This is required in both master and replica configuration files.
iprop_resync_timeout *integer* Specifies the number of seconds to wait for a full propagation to complete. This is optional on replica configurations. Defaults to 300 seconds (5 minutes).
iprop_logfile *file name* Specifies where the update log file for the realm database is to be stored. The default is to use the *database_name* entry from the realms section of the config file :ref:`kdc.conf(5)`, with *.ulog* appended. (NOTE: If database_name isn't specified in the realms section, perhaps because the LDAP database back end is being used, or the file name is specified in the *dbmodules* section, then the hard-coded default for *database_name* is used. Determination of the *iprop_logfile* default value will not use values from the *dbmodules* section.)
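Review bot: The new iprop_replica_poll row in this table carries no version note and no mention of the old name, while the kdc.conf text in the same patch marks the variable "New in release 1.17" and keeps an iprop_slave_poll entry as a fallback. A reader who configures from this table alone cannot tell that the new name requires 1.17 or that the old one is still honoured. Suggest extending the description, for example: "(Named iprop_slave_poll prior to release 1.17; the old name is still accepted as a fallback.)"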
update log and the per-replica kprop dump files. In the MIT
implementation, the pathname for the update log is specified in the
config file, and the per-replica dump files are stored in
-|kdcdir|\ ``/slave_datatrans_hostname``.
+|kdcdir|\ ``/replica_datatrans_hostname``.
First, create a dump file of the database on the master KDC, as
follows::
- shell% kdb5_util dump /usr/local/var/krb5kdc/slave_datatrans
+ shell% kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans
Then, manually propagate the database to each replica KDC, as in the
following example::
- shell% kprop -f /usr/local/var/krb5kdc/slave_datatrans kerberos-1.mit.edu
+ shell% kprop -f /usr/local/var/krb5kdc/replica_datatrans kerberos-1.mit.edu
Database propagation to kerberos-1.mit.edu: SUCCEEDED
kdclist = "kerberos-1.mit.edu kerberos-2.mit.edu"
- kdb5_util dump /usr/local/var/krb5kdc/slave_datatrans
+ kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans
for kdc in $kdclist
do
- kprop -f /usr/local/var/krb5kdc/slave_datatrans $kdc
+ kprop -f /usr/local/var/krb5kdc/replica_datatrans $kdc
done
You will need to set up a cron job to run this script at the intervals
This table shows defaults used by the :ref:`kprop(8)` and
:ref:`kpropd(8)` programs.
-========================== ============================== ===========
-Description Default Environment
-========================== ============================== ===========
-kprop database dump file |kdcdir|\ ``/slave_datatrans``
+========================== ================================ ===========
+Description Default Environment
+========================== ================================ ===========
+kprop database dump file |kdcdir|\ ``/replica_datatrans``
kpropd temporary dump file |kdcdir|\ ``/from_master``
kdb5_util location |sbindir|\ ``/kdb5_util``
kprop location |sbindir|\ ``/kprop``
kpropd ACL file |kdcdir|\ ``/kpropd.acl``
-kprop port 754 KPROP_PORT
-========================== ============================== ===========
+kprop port 754 KPROP_PORT
+========================== ================================ ===========
.. _paths:
#define KRB5_CONF_IPROP_MASTER_ULOGSIZE "iprop_master_ulogsize"
#define KRB5_CONF_IPROP_PORT "iprop_port"
#define KRB5_CONF_IPROP_RESYNC_TIMEOUT "iprop_resync_timeout"
+#define KRB5_CONF_IPROP_REPLICA_POLL "iprop_replica_poll"
#define KRB5_CONF_IPROP_SLAVE_POLL "iprop_slave_poll"
#define KRB5_CONF_K5LOGIN_AUTHORITATIVE "k5login_authoritative"
#define KRB5_CONF_K5LOGIN_DIRECTORY "k5login_directory"
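Review bot: KRB5_CONF_IPROP_REPLICA_POLL is inserted after KRB5_CONF_IPROP_RESYNC_TIMEOUT, which breaks the alphabetical order the surrounding defines follow (MASTER_ULOGSIZE, PORT, RESYNC_TIMEOUT, SLAVE_POLL, then K5LOGIN_*). Moving the new define up one line, between IPROP_PORT and IPROP_RESYNC_TIMEOUT, keeps the list sorted.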
* krb5 replica support follows
*/
-#define KPROP_DEFAULT_FILE KDC_DIR "/slave_datatrans"
+#define KPROP_DEFAULT_FILE KDC_DIR "/replica_datatrans"
#define KPROPD_DEFAULT_FILE KDC_DIR "/from_master"
#define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util"
#define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop"
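Review bot: Changing KPROP_DEFAULT_FILE to KDC_DIR "/replica_datatrans" alters runtime behaviour with no fallback, unlike the iprop_slave_poll variable, which this patch keeps as a fallback name. A site whose cron script still dumps to slave_datatrans and then runs kprop without -f will have kprop look for a file that was never written, and the per-replica slave_datatrans_hostname files change name in the same way. Nothing in the patch removes or mentions existing slave_datatrans dumps, which hold a copy of the principal database, so they will stay on disk after an upgrade unless the administrator deletes them. Suggest calling out the path change in the upgrade notes and the kprop documentation, including a reminder to update scripts and remove the old dump files.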
KDB_DIR=/usr/local/var/krb5kdc
KDB_FILE=$KDB_DIR/principal.db
-DUMPFILE=$KDB_DIR/slave_datatrans
+DUMPFILE=$KDB_DIR/replica_datatrans
KDB5_UTIL=/usr/local/sbin/kdb5_util
KPROP=/usr/local/sbin/kprop
}
GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
- KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */
+ KRB5_CONF_IPROP_REPLICA_POLL, -1);
+ if (params.iprop_poll_time == -1) {
+ GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
+ KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60);
+ }
*params_out = params;
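Review bot: The -1 passed as the default in the first GET_DELTAT_PARAM call is an undocumented sentinel, and the check params.iprop_poll_time == -1 cannot tell "iprop_replica_poll not set" apart from a poll time that is really -1, whether it came from the configuration or from the caller. Please add a short comment above the block stating that -1 means the new name was absent and that the second call falls back to iprop_slave_poll, and restore the /* 2m */ comment that was dropped from the 2 * 60 default. It would also help to say in that comment that iprop_replica_poll silently wins when both names are configured, since that is the behaviour the documentation hunk promises.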
# DB and ulog file.
conf = {'realms': {'$realm': {'iprop_enable': 'true',
'iprop_logfile': '$testdir/db.ulog'}}}
-conf_rep1 = {'realms': {'$realm': {'iprop_slave_poll': '600',
+conf_rep1 = {'realms': {'$realm': {'iprop_replica_poll': '600',
'iprop_logfile': '$testdir/ulog.replica1'}},
'dbmodules': {'db': {'database_name': '$testdir/db.replica1'}}}
conf_rep1m = {'realms': {'$realm': {'iprop_logfile': '$testdir/ulog.replica1',
'iprop_port': '$port8'}},
'dbmodules': {'db': {'database_name': '$testdir/db.replica1'}}}
-conf_rep2 = {'realms': {'$realm': {'iprop_slave_poll': '600',
+conf_rep2 = {'realms': {'$realm': {'iprop_replica_poll': '600',
'iprop_logfile': '$testdir/ulog.replica2',
'iprop_port': '$port8'}},
'dbmodules': {'db': {'database_name': '$testdir/db.replica2'}}}
conf_foo = {'libdefaults': {'default_realm': 'FOO'},
'domain_realm': {hostname: 'FOO'}}
-conf_rep3 = {'realms': {'$realm': {'iprop_slave_poll': '600',
+conf_rep3 = {'realms': {'$realm': {'iprop_replica_poll': '600',
'iprop_logfile': '$testdir/ulog.replica3',
'iprop_port': '$port8'},
'FOO': {'iprop_logfile': '$testdir/ulog.replica3'}},
'dbmodules': {'db': {'database_name': '$testdir/db.replica3'}}}
krb5_conf_rep4 = {'domain_realm': {hostname: 'FOO'}}
-conf_rep4 = {'realms': {'$realm': {'iprop_slave_poll': '600',
+conf_rep4 = {'realms': {'$realm': {'iprop_replica_poll': '600',
'iprop_logfile': '$testdir/ulog.replica4',
'iprop_port': '$port8'}},
'dbmodules': {'db': {'database_name': '$testdir/db.replica4'}}}
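Review bot: All four replica configurations (conf_rep1 through conf_rep4) are switched to iprop_replica_poll, so no test left in this file exercises the iprop_slave_poll fallback that the alt_prof.c change adds. Suggest leaving one replica, for instance conf_rep1, on 'iprop_slave_poll': '600' so the compatibility path stays covered, and ideally adding a case where both names are set to different values to confirm that iprop_replica_poll takes precedence.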