oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Fixes from NetBSD via Thomas Klausner and Roland C. Dowdeswell

Browse Source
This commit is contained in:
Love Hornquist Astrand
2011-05-04 21:31:10 -07:00
parent 9a1a5e5da6
commit b1909b2daa
28 changed files with 337 additions and 782 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
lib/kadm5/iprop-log.8
View File

@@ -83,28 +83,17 @@ maintain the iprop log file
.Sh DESCRIPTION
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl -version
.Xc
.It Xo
.Fl h ,
.Fl -help
.Xc
.It Fl -version
.It Fl h , Fl -help
.El
.Pp
command can be one of the following:
.Bl -tag -width truncate
.It truncate
.Bl -tag -width Ds
.It Xo
.Fl c Ar file ,
.Fl -config-file= Ns Ar file
.Xc
.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
.It Xo
.Fl r Ar string ,
.Fl -realm= Ns Ar string
.Xc
.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
@@ -113,10 +102,7 @@ last entry of the old log. If the log is truncted by emptying the
file, the log will start over at the first version (0).
.It dump
.Bl -tag -width Ds
.It Xo
.Fl c Ar file ,
.Fl -config-file= Ns Ar file
.Xc
.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
.It Xo
.Fl r Ar string ,
@@ -128,23 +114,15 @@ realm
Print out all entries in the log to standard output.
.It replay
.Bl -tag -width Ds
.It Xo
.Fl -start-version= Ns Ar version-number
.Xc
.It Fl -start-version= Ns Ar version-number
start replay with this version
.It Xo
.Fl -end-version= Ns Ar version-number
.Xc
end replay with this version
.It Xo
.Fl c Ar file ,
.Fl -config-file= Ns Ar file
.Xc
.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
.It Xo
.Fl r Ar string ,
.Fl -realm= Ns Ar string
.Xc
.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
@@ -152,15 +130,9 @@ Replay the changes from specified entries (or all if none is
specified) in the transaction log to the database.
.It last-version
.Bl -tag -width Ds
.It Xo
.Fl c Ar file ,
.Fl -config-file= Ns Ar file
.Xc
.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
.It Xo
.Fl r Ar string ,
.Fl -realm= Ns Ar string
.Xc
.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp

140
lib/kadm5/iprop.8
View File

@@ -38,51 +38,49 @@
.Nm iprop ,
.Nm ipropd-master ,
.Nm ipropd-slave
.Nd
propagate changes to a Heimdal Kerberos master KDC to slave KDCs
.Nd propagate changes to a Heimdal Kerberos master KDC to slave KDCs
.Sh SYNOPSIS
.Nm ipropd-master
.Oo Fl c Ar string \*(Ba Xo
.Fl -config-file= Ns Ar string
.Fl Fl config-file= Ns Ar string
.Xc
.Oc
.Oo Fl r Ar string \*(Ba Xo
.Fl -realm= Ns Ar string
.Fl Fl realm= Ns Ar string
.Xc
.Oc
.Oo Fl k Ar kspec \*(Ba Xo
.Fl -keytab= Ns Ar kspec
.Fl Fl keytab= Ns Ar kspec
.Xc
.Oc
.Oo Fl d Ar file \*(Ba Xo
.Fl -database= Ns Ar file
.Fl Fl database= Ns Ar file
.Xc
.Oc
.Op Fl -slave-stats-file= Ns Ar file
.Op Fl -time-missing= Ns Ar time
.Op Fl -time-gone= Ns Ar time
.Op Fl -detach
.Op Fl -version
.Op Fl -help
.Op Fl Fl slave-stats-file= Ns Ar file
.Op Fl Fl time-missing= Ns Ar time
.Op Fl Fl time-gone= Ns Ar time
.Op Fl Fl detach
.Op Fl Fl version
.Op Fl Fl help
.Nm ipropd-slave
.Oo Fl c Ar string \*(Ba Xo
.Fl -config-file= Ns Ar string
.Fl Fl config-file= Ns Ar string
.Xc
.Oc
.Oo Fl r Ar string \*(Ba Xo
.Fl -realm= Ns Ar string
.Fl Fl realm= Ns Ar string
.Xc
.Oc
.Oo Fl k Ar kspec \*(Ba Xo
.Fl -keytab= Ns Ar kspec
.Fl Fl keytab= Ns Ar kspec
.Xc
.Oc
.Op Fl -time-lost= Ns Ar time
.Op Fl -detach
.Op Fl -version
.Op Fl -help
.Op Fl Fl time-lost= Ns Ar time
.Op Fl Fl detach
.Op Fl Fl version
.Op Fl Fl help
.Ar master
.Pp
.Sh DESCRIPTION
.Nm ipropd-master
is used to propagate changes to a Heimdal Kerberos database from the
@@ -96,9 +94,9 @@ file in the KDC's database directory, e.g.\&
.Pa /var/heimdal/slaves .
This has principals one per-line of the form
.Dl iprop/ Ns Ar slave Ns @ Ns Ar REALM
where
.Ar slave
is the hostname of the slave server in the given
where
.Ar slave
is the hostname of the slave server in the given
.Ar REALM ,
e.g.\&
.Dl iprop/kerberos-1.example.com@EXAMPLE.COM
@@ -110,20 +108,23 @@ In contrast to
.Xr hprop 8 ,
which sends the whole database to the slaves regularly,
.Nm
normally sends only the changes as they happen on the master. The
master keeps track of all the changes by assigning a version number to
every change to the database. The slaves know which was the latest
version they saw, and in this way it can be determined if they are in
sync or not. A log of all the changes is kept on the master. When a
slave is at an older version than the oldest one in the log, the whole
database has to be sent.
normally sends only the changes as they happen on the master.
The master keeps track of all the changes by assigning a version
number to every change to the database.
The slaves know which was the latest version they saw, and in this
way it can be determined if they are in sync or not.
A log of all the changes is kept on the master.
When a slave is at an older version than the oldest one in the log,
the whole database has to be sent.
.Pp
The changes are propagated over a secure channel (on port 2121 by
default). This should normally be defined as
default).
This should normally be defined as
.Dq iprop/tcp
in
.Pa /etc/services
or another source of the services database. The master and slaves
or another source of the services database.
The master and slaves
must each have access to a keytab with keys for the
.Nm iprop
service principal on the local host.
@@ -136,78 +137,37 @@ file (e.g.\&
Supported options for
.Nm ipropd-master :
.Bl -tag -width Ds
.It Xo
.Fl c Ar string ,
.Fl -config-file= Ns Ar string
.Xc
.It Xo
.Fl r Ar string ,
.Fl -realm= Ns Ar string
.Xc
.It Xo
.Fl k Ar kspec ,
.Fl -keytab= Ns Ar kspec
.Xc
.It Fl c Ar string , Fl Fl config-file= Ns Ar string
.It Fl r Ar string , Fl Fl realm= Ns Ar string
.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec
keytab to get authentication from
.It Xo
.Fl d Ar file ,
.Fl -database= Ns Ar file
.Xc
.It Fl d Ar file , Fl Fl database= Ns Ar file
Database (default per KDC)
.It Xo
.Fl -slave-stats-file= Ns Ar file
.Xc
.It Fl Fl slave-stats-file= Ns Ar file
file for slave status information
.It Xo
.Fl -time-missing= Ns Ar time
.Xc
.It Fl Fl time-missing= Ns Ar time
time before slave is polled for presence (default 2 min)
.It Xo
.Fl -time-gone= Ns Ar time
.Xc
.It Fl Fl time-gone= Ns Ar time
time of inactivity after which a slave is considered gone (default 5 min)
.It Xo
.Fl -detach
.Xc
.It Fl Fl detach
detach from console
.It Xo
.Fl -version
.Xc
.It Xo
.Fl -help
.Xc
.It Fl Fl version
.It Fl Fl help
.El
.Pp
Supported options for
.Nm ipropd-slave :
.Bl -tag -width Ds
.It Xo
.Fl c Ar string ,
.Fl -config-file= Ns Ar string
.Xc
.It Xo
.Fl r Ar string ,
.Fl -realm= Ns Ar string
.Xc
.It Xo
.Fl k Ar kspec ,
.Fl -keytab= Ns Ar kspec
.Xc
.It Fl c Ar string , Fl Fl config-file= Ns Ar string
.It Fl r Ar string , Fl Fl realm= Ns Ar string
.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec
keytab to get authentication from
.It Xo
.Fl -time-lost= Ns Ar time
.Xc
.It Fl Fl time-lost= Ns Ar time
time before server is considered lost (default 5 min)
.It Xo
.Fl -detach
.Xc
.It Fl Fl detach
detach from console
.It Xo
.Fl -version
.Xc
.It Xo
.Fl -help
.Xc
.It Fl Fl version
.It Fl Fl help
.El
Time arguments for the relevant options above may be specified in forms
like 5 min, 300 s, or simply a number of seconds.