diff options
| author | Nicolas Williams <nico@cryptonector.com> | 2012-09-24 21:09:17 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-10-05 13:33:18 -0400 |
| commit | f1c85fbb0ab9e62b2790647b2681aec4d5fa4585 (patch) | |
| tree | 22737dc9984a268c2b55c7229190d6e0ff5f27c6 /doc | |
| parent | 70a119d4dc7ed7a94cfc32c523352af1d000e1c7 (diff) | |
| download | krb5-f1c85fbb0ab9e62b2790647b2681aec4d5fa4585.tar.gz krb5-f1c85fbb0ab9e62b2790647b2681aec4d5fa4585.tar.xz krb5-f1c85fbb0ab9e62b2790647b2681aec4d5fa4585.zip | |
Improve kpropd behavior in iprop mode
- Make kpropd in iprop mode fork a child to listen for kprops from the
master. The child writes progress and outcome reports to the parent
for each kprop. This fixes a race between asking for a full resync
and setting up a listener socket for it.
- Add runonce (-t) for kpropd do_standalone() too.
- Add a new iprop parameter: iprop_resync_timeout. kpropd will keep
asking for incremental updates while waiting for a full resync to
finish, and will re-request a full resync if kadmind continues to
indicate that one is needed after this timeout passes since the
previous full resync was requested.
- Allow polling intervals less than 10 seconds.
[ghudson@mit.edu: split out debug output changes; note polling interval
change in commit message]
ticket: 7373
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/rst_source/krb_admins/conf_files/kdc_conf.rst | 6 | ||||
| -rw-r--r-- | doc/rst_source/krb_admins/database.rst | 1 |
2 files changed, 7 insertions, 0 deletions
diff --git a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst index 54b0e410f..7ded12dc0 100644 --- a/doc/rst_source/krb_admins/conf_files/kdc_conf.rst +++ b/doc/rst_source/krb_admins/conf_files/kdc_conf.rst @@ -206,6 +206,12 @@ For each realm, the following tags may be specified: incremental propagation. This is required in both master and slave configuration files. +**iprop_resync_timeout** + (Delta time string.) Specifies the amount of time to wait for a + full propagation to complete. This is optional in configuration + files, and is used by slave KDCs only. The default value is 5 + minutes (``5m``). + **iprop_logfile** (File name.) Specifies where the update log file for the realm database is to be stored. The default is to use the diff --git a/doc/rst_source/krb_admins/database.rst b/doc/rst_source/krb_admins/database.rst index eae37c879..afea97588 100644 --- a/doc/rst_source/krb_admins/database.rst +++ b/doc/rst_source/krb_admins/database.rst @@ -701,6 +701,7 @@ iprop_enable *boolean* If *true*, then incremental propagation i iprop_master_ulogsize *integer* Indicates the number of entries that should be retained in the update log. The default is 1000; the maximum number is 2500. iprop_slave_poll *time interval* Indicates how often the slave should poll the master KDC for changes to the database. The default is two minutes. iprop_port *integer* Specifies the port number to be used for incremental propagation. This is required in both master and slave configuration files. +iprop_resync_timeout *integer* Specifies the number of seconds to wait for a full propagation to complete. This is optional on slave configurations. Defaults to 300 seconds (5 minutes). iprop_logfile *file name* Specifies where the update log file for the realm database is to be stored. The default is to use the *database_name* entry from the realms section of the config file :ref:`kdc.conf(5)`, with *.ulog* appended. (NOTE: If database_name isn't specified in the realms section, perhaps because the LDAP database back end is being used, or the file name is specified in the *dbmodules* section, then the hard-coded default for *database_name* is used. Determination of the *iprop_logfile* default value will not use values from the *dbmodules* section.) ====================== =============== =========================================== |