@heading Iprop Iprop is a new fast way to propagate the kerberos database from the master to the slaves. It only sends incremental updates to the slaves, and when there is too many changes, sends over the whole database. Too many changes is when there is when the version the client requested doesn't exist in the log of changes. The protocol works this way: when the slave start up it contacts the master-server and sends over the version number of the database that it currently have (IHAVE message). The master the responds by sending over all version between the slave vesion and current version (a FORYOU message) or if log isn't include that version, the whole database (a TELLYOUEVERYTHING message). Create the file @file{/var/heimdal/slaves} containing all slaves that the ipropd-master should propages the database to. Each line contain the full name of the principal (for example @example{iprop/lachesis.e.kth.se@E.KTH.SE}). Make sure you have iprop/tcp (port 2121 ??) in your @file{/etc/services}. You can also choose port with --port to propd-master and ipropd-slave (this is useful when you have multiple realms to distribute from one server). The you have to create iprop-principals. They are named @example{iprop/}, where you replace the hostname of the slaves or master. This is diffrent to Kerberos 4 (kprop, where its named kprop/master) and hprop (where its named kadmin/hprop). To create the principals on the slaves and master, enter the following command: @example{/usr/heimdal/sbin/ktutil get iprop/`hostname`} where the command hostname should example to the whole hostname, including the domain (eg @example{lachesis.e.kth.se}). Now you should start the iprop-master to the kerberos master. The ipropd-master listen on the unix-socket @file{/var/heimdal/signal} to know when to propagate new entries to the slaves. Iprop-master also wakes up ever 30 seconds and probes to files to see it they have changed without notifing ipropd-master. On the slaves you start the ipropd-slave . It then opens a tcp connection to the server (that it keeps open all the time) to use for the iprop protocol.