krb5 commit: Use the term "primary KDC" in source and docs
Greg Hudson
ghudson at mit.edu
Mon Sep 7 13:35:23 EDT 2020
https://github.com/krb5/krb5/commit/10eb93809b1af06e2b1147aee2e3e50058ba1bbd
commit 10eb93809b1af06e2b1147aee2e3e50058ba1bbd
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Jun 24 20:48:14 2020 -0400
Use the term "primary KDC" in source and docs
Where it does not affect program behavior, use the term "primary KDC".
This commit does not change any profile variables, DNS labels,
pathnames, or externally visible identifiers, nor does it change the
term "master key".
ticket: 8921 (new)
doc/admin/admin_commands/kadmin_local.rst | 2 +-
doc/admin/admin_commands/kadmind.rst | 10 +-
doc/admin/admin_commands/kprop.rst | 4 +-
doc/admin/admin_commands/kpropd.rst | 16 ++--
doc/admin/admin_commands/kproplog.rst | 11 ++-
doc/admin/advanced/retiring-des.rst | 4 +-
doc/admin/backup_host.rst | 6 +-
doc/admin/conf_files/kdc_conf.rst | 4 +-
doc/admin/conf_files/krb5_conf.rst | 6 +-
doc/admin/database.rst | 58 +++++++-------
doc/admin/install_kdc.rst | 122 ++++++++++++++--------------
doc/admin/lockout.rst | 4 +-
doc/admin/realm_config.rst | 43 +++++-----
doc/admin/troubleshoot.rst | 6 +-
doc/build/directory_org.rst | 2 +-
doc/iprop-notes.txt | 24 +++---
doc/mitK5features.rst | 10 +-
src/include/iprop_hdr.h | 2 +-
src/include/k5-trace.h | 12 ++--
src/include/kdb.h | 2 +-
src/kadmin/dbutil/kdb5_util.c | 2 +-
src/kadmin/server/ovsec_kadmd.c | 2 +-
src/kprop/kpropd.c | 62 ++++++++-------
src/kprop/kproplog.c | 2 +-
src/lib/gssapi/krb5/iakerb.c | 6 +-
src/lib/kadm5/srv/server_init.c | 2 +-
src/lib/kdb/kdb5.c | 4 +-
src/lib/krb5/krb/gc_via_tkt.c | 6 +-
src/lib/krb5/krb/get_creds.c | 6 +-
src/lib/krb5/krb/get_etype_info.c | 6 +-
src/lib/krb5/krb/get_in_tkt.c | 22 +++---
src/lib/krb5/krb/gic_keytab.c | 28 +++---
src/lib/krb5/krb/gic_pwd.c | 39 +++++-----
src/lib/krb5/krb/in_tkt_sky.c | 4 +-
src/lib/krb5/krb/int-proto.h | 4 +-
src/lib/krb5/os/locate_kdc.c | 44 +++++-----
src/lib/krb5/os/os-proto.h | 8 +-
src/lib/krb5/os/sendto_kdc.c | 25 +++---
src/lib/krb5/os/t_locate_kdc.c | 8 +-
src/lib/krb5/os/t_std_conf.c | 4 +-
src/tests/dejagnu/krb-standalone/kprop.exp | 2 +-
src/tests/etinfo.c | 4 +-
src/tests/icinterleave.c | 6 +-
src/tests/t_iprop.py | 33 ++++----
src/tests/t_kprop.py | 4 +-
src/windows/include/loadfuncs-krb5.h | 2 +-
46 files changed, 346 insertions(+), 337 deletions(-)
diff --git a/doc/admin/admin_commands/kadmin_local.rst b/doc/admin/admin_commands/kadmin_local.rst
index 33cf3a9..c6c7795 100644
--- a/doc/admin/admin_commands/kadmin_local.rst
+++ b/doc/admin/admin_commands/kadmin_local.rst
@@ -55,7 +55,7 @@ it requests a service ticket from the KDC, and uses that service
ticket to authenticate to kadmind.
Since kadmin.local directly accesses the KDC database, it usually must
-be run directly on the master KDC with sufficient permissions to read
+be run directly on the primary KDC with sufficient permissions to read
the KDC database. If the KDC database uses the LDAP database module,
kadmin.local can be run on any host which can access the LDAP server.
diff --git a/doc/admin/admin_commands/kadmind.rst b/doc/admin/admin_commands/kadmind.rst
index 03a0d6d..7e14826 100644
--- a/doc/admin/admin_commands/kadmind.rst
+++ b/doc/admin/admin_commands/kadmind.rst
@@ -23,9 +23,9 @@ DESCRIPTION
-----------
kadmind starts the Kerberos administration server. kadmind typically
-runs on the master Kerberos server, which stores the KDC database. If
-the KDC database uses the LDAP module, the administration server and
-the KDC server need not run on the same machine. kadmind accepts
+runs on the primary Kerberos server, which stores the KDC database.
+If the KDC database uses the LDAP module, the administration server
+and the KDC server need not run on the same machine. kadmind accepts
remote requests from programs such as :ref:`kadmin(1)` and
:ref:`kpasswd(1)` to administer the information in these database.
@@ -53,8 +53,8 @@ Incremental propagation allows replica KDC servers to receive
principal and policy updates incrementally instead of receiving full
dumps of the database. This facility can be enabled in the
:ref:`kdc.conf(5)` file with the **iprop_enable** option. Incremental
-propagation requires the principal ``kiprop/MASTER\@REALM`` (where
-MASTER is the master KDC's canonical host name, and REALM the realm
+propagation requires the principal ``kiprop/PRIMARY\@REALM`` (where
+PRIMARY is the primary KDC's canonical host name, and REALM the realm
name). In release 1.13, this principal is automatically created and
registered into the datebase.
diff --git a/doc/admin/admin_commands/kprop.rst b/doc/admin/admin_commands/kprop.rst
index c2b6c79..a118b26 100644
--- a/doc/admin/admin_commands/kprop.rst
+++ b/doc/admin/admin_commands/kprop.rst
@@ -19,7 +19,7 @@ DESCRIPTION
-----------
kprop is used to securely propagate a Kerberos V5 database dump file
-from the master Kerberos server to a replica Kerberos server, which is
+from the primary Kerberos server to a replica Kerberos server, which is
specified by *replica_host*. The dump file must be created by
:ref:`kdb5_util(8)`.
@@ -28,7 +28,7 @@ OPTIONS
-------
**-r** *realm*
- Specifies the realm of the master server.
+ Specifies the realm of the primary server.
**-f** *file*
Specifies the filename where the dumped principal database file is
diff --git a/doc/admin/admin_commands/kpropd.rst b/doc/admin/admin_commands/kpropd.rst
index 7f7faa2..797090c 100644
--- a/doc/admin/admin_commands/kpropd.rst
+++ b/doc/admin/admin_commands/kpropd.rst
@@ -24,12 +24,12 @@ DESCRIPTION
The *kpropd* command runs on the replica KDC server. It listens for
update requests made by the :ref:`kprop(8)` program. If incremental
propagation is enabled, it periodically requests incremental updates
-from the master KDC.
+from the primary KDC.
-When the replica receives a kprop request from the master, kpropd
+When the replica receives a kprop request from the primary, kpropd
accepts the dumped KDC database and places it in a file, and then runs
:ref:`kdb5_util(8)` to load the dumped database into the active
-database which is used by :ref:`krb5kdc(8)`. This allows the master
+database which is used by :ref:`krb5kdc(8)`. This allows the primary
Kerberos server to use :ref:`kprop(8)` to propagate its database to
the replica servers. Upon a successful download of the KDC database
file, the replica Kerberos server will have an up-to-date KDC
@@ -52,10 +52,10 @@ compatibility but does nothing.
Incremental propagation may be enabled with the **iprop_enable**
variable in :ref:`kdc.conf(5)`. If incremental propagation is
-enabled, the replica periodically polls the master KDC for updates, at
+enabled, the replica periodically polls the primary KDC for updates, at
an interval determined by the **iprop_replica_poll** variable. If the
replica receives updates, kpropd updates its log file with any updates
-from the master. :ref:`kproplog(8)` can be used to view a summary of
+from the primary. :ref:`kproplog(8)` can be used to view a summary of
the update entry log on the replica KDC. If incremental propagation
is enabled, the principal ``kiprop/replicahostname at REALM`` (where
*replicahostname* is the name of the replica KDC host, and *REALM* is
@@ -70,11 +70,11 @@ OPTIONS
--------
**-r** *realm*
- Specifies the realm of the master server.
+ Specifies the realm of the primary server.
**-A** *admin_server*
Specifies the server to be contacted for incremental updates; by
- default, the master admin server is contacted.
+ default, the primary admin server is contacted.
**-f** *file*
Specifies the filename where the dumped principal database file is
@@ -95,7 +95,7 @@ OPTIONS
**-t**
In standalone mode without incremental propagation, exit after one
dump file is received. In incremental propagation mode, exit as
- soon as the database is up to date, or if the master returns an
+ soon as the database is up to date, or if the primary returns an
error.
**-P**
diff --git a/doc/admin/admin_commands/kproplog.rst b/doc/admin/admin_commands/kproplog.rst
index 44e706d..3b72cfa 100644
--- a/doc/admin/admin_commands/kproplog.rst
+++ b/doc/admin/admin_commands/kproplog.rst
@@ -16,18 +16,18 @@ DESCRIPTION
The kproplog command displays the contents of the KDC database update
log to standard output. It can be used to keep track of incremental
updates to the principal database. The update log file contains the
-update log maintained by the :ref:`kadmind(8)` process on the master
+update log maintained by the :ref:`kadmind(8)` process on the primary
KDC server and the :ref:`kpropd(8)` process on the replica KDC
servers. When updates occur, they are logged to this file.
Subsequently any KDC replica configured for incremental updates will
-request the current data from the master KDC and update their log file
-with any updates returned.
+request the current data from the primary KDC and update their log
+file with any updates returned.
The kproplog command requires read access to the update log file. It
will display update entries only for the KDC it runs on.
If no options are specified, kproplog displays a summary of the update
-log. If invoked on the master, kproplog also displays all of the
+log. If invoked on the primary, kproplog also displays all of the
update entries. If invoked on a replica KDC server, kproplog displays
only a summary of the updates, which includes the serial number of the
last update received and the associated time stamp of the last update.
@@ -39,7 +39,8 @@ OPTIONS
**-R**
Reset the update log. This forces full resynchronization. If
used on a replica then that replica will request a full resync.
- If used on the master then all replicas will request full resyncs.
+ If used on the primary then all replicas will request full
+ resyncs.
**-h**
Display a summary of the update log. This information includes
diff --git a/doc/admin/advanced/retiring-des.rst b/doc/admin/advanced/retiring-des.rst
index 4a964c1..38f76d3 100644
--- a/doc/admin/advanced/retiring-des.rst
+++ b/doc/admin/advanced/retiring-des.rst
@@ -140,7 +140,7 @@ existing tickets will still function until their scheduled expiry
.. note::
The new ``krbtgt at REALM`` key should be propagated to replica KDCs
- immediately so that TGTs issued by the master KDC can be used to
+ immediately so that TGTs issued by the primary KDC can be used to
issue service tickets on replica KDCs. Replica KDCs will refuse
requests using the new TGT kvno until the new krbtgt entry has
been propagated to them.
@@ -326,7 +326,7 @@ The following KDC configuration will not generate DES keys by default:
As before, the KDC process must be restarted for this change to take
effect. It is best practice to update kdc.conf on all KDCs, not just the
- master, to avoid unpleasant surprises should the master fail and a
+ primary, to avoid unpleasant surprises should the primary fail and a
replica need to be promoted.
It is now appropriate to remove the legacy single-DES key from the
diff --git a/doc/admin/backup_host.rst b/doc/admin/backup_host.rst
index 982a2d1..8914551 100644
--- a/doc/admin/backup_host.rst
+++ b/doc/admin/backup_host.rst
@@ -21,14 +21,14 @@ As with any file, it is possible that your Kerberos database could
become corrupted. If this happens on one of the replica KDCs, you
might never notice, since the next automatic propagation of the
database would install a fresh copy. However, if it happens to the
-master KDC, the corrupted database would be propagated to all of the
+primary KDC, the corrupted database would be propagated to all of the
replicas during the next propagation. For this reason, MIT recommends
-that you back up your Kerberos database regularly. Because the master
+that you back up your Kerberos database regularly. Because the primary
KDC is continuously dumping the database to a file in order to
propagate it to the replica KDCs, it is a simple matter to have a cron
job periodically copy the dump file to a secure machine elsewhere on
your network. (Of course, it is important to make the host where
these backups are stored as secure as your KDCs, and to encrypt its
transmission across your network.) Then if your database becomes
-corrupted, you can load the most recent dump onto the master KDC.
+corrupted, you can load the most recent dump onto the primary KDC.
(See :ref:`restore_from_dump`.)
diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst
index 9759756..0ca3d86 100644
--- a/doc/admin/conf_files/kdc_conf.rst
+++ b/doc/admin/conf_files/kdc_conf.rst
@@ -229,7 +229,7 @@ The following tags may be specified in a [realms] subsection:
**iprop_replica_poll**
(Delta time string.) Specifies how often the replica KDC polls
- for new updates from the master. The default value is ``2m``
+ for new updates from the primary. The default value is ``2m``
(that is, two minutes). New in release 1.17.
**iprop_slave_poll**
@@ -253,7 +253,7 @@ The following tags may be specified in a [realms] subsection:
(Port number.) Specifies the port number to be used for
incremental propagation. When **iprop_enable** is true, this
relation is required in the replica KDC configuration file, and
- this relation or **iprop_listen** is required in the master
+ this relation or **iprop_listen** is required in the primary
configuration file, as there is no default port number. Port
numbers specified in **iprop_listen** entries will override this
port number for the :ref:`kadmind(8)` daemon.
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index 7f28796..9e831d4 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -400,7 +400,7 @@ following tags may be specified in the realm's subsection:
**admin_server**
Identifies the host where the administration server is running.
- Typically, this is the master Kerberos server. This tag must be
+ Typically, this is the primary Kerberos server. This tag must be
given a value in order to communicate with the :ref:`kadmind(8)`
server for the realm.
@@ -515,10 +515,10 @@ following tags may be specified in the realm's subsection:
host will be tried.
**master_kdc**
- Identifies the master KDC(s). Currently, this tag is used in only
+ Identifies the primary KDC(s). Currently, this tag is used in only
one case: If an attempt to get credentials fails because of an
invalid password, the client software will attempt to contact the
- master KDC, in case the user's password has just been changed, and
+ primary KDC, in case the user's password has just been changed, and
the updated database has not been propagated to the replica
servers yet.
diff --git a/doc/admin/database.rst b/doc/admin/database.rst
index ca19a36..1ce74b3 100644
--- a/doc/admin/database.rst
+++ b/doc/admin/database.rst
@@ -477,20 +477,20 @@ Starting with release 1.7, :ref:`kdb5_util(8)` allows the master key
to be changed using a rollover process, with minimal loss of
availability. To roll over the master key, follow these steps:
-#. On the master KDC, run ``kdb5_util list_mkeys`` to view the current
- master key version number (KVNO). If you have never rolled over
- the master key before, this will likely be version 1::
+#. On the primary KDC, run ``kdb5_util list_mkeys`` to view the
+ current master key version number (KVNO). If you have never rolled
+ over the master key before, this will likely be version 1::
$ kdb5_util list_mkeys
Master keys for Principal: K/M at KRBTEST.COM
KVNO: 1, Enctype: aes256-cts-hmac-sha384-192, Active on: Thu Jan 01 00:00:00 UTC 1970 *
-#. On the master KDC, run ``kdb5_util use_mkey 1`` to ensure that a
+#. On the primary KDC, run ``kdb5_util use_mkey 1`` to ensure that a
master key activation list is present in the database. This step
is unnecessary in release 1.11.4 or later, or if the database was
initially created with release 1.7 or later.
-#. On the master KDC, run ``kdb5_util add_mkey -s`` to create a new
+#. On the primary KDC, run ``kdb5_util add_mkey -s`` to create a new
master key and write it to the stash file. Enter a secure password
when prompted. If this is the first time you are changing the
master key, the new key will have version 2. The new master key
@@ -504,17 +504,17 @@ availability. To roll over the master key, follow these steps:
the new master key is present, and then ``kdb5_util stash`` to
write the new master key to the replica KDC's stash file.
-#. On the master KDC, run ``kdb5_util use_mkey 2`` to begin using the
+#. On the primary KDC, run ``kdb5_util use_mkey 2`` to begin using the
new master key. Replace ``2`` with the version of the new master
key, as appropriate. You can optionally specify a date for the new
master key to become active; by default, it will become active
immediately. Prior to release 1.12, :ref:`kadmind(8)` must be
restarted for this change to take full effect.
-#. On the master KDC, run ``kdb5_util update_princ_encryption``. This
- command will iterate over the database and re-encrypt all keys in
- the new master key. If the database is large and uses DB2, the
- master KDC will become unavailable while this command runs, but
+#. On the primary KDC, run ``kdb5_util update_princ_encryption``.
+ This command will iterate over the database and re-encrypt all keys
+ in the new master key. If the database is large and uses DB2, the
+ primary KDC will become unavailable while this command runs, but
clients should fail over to replica KDCs (if any are present)
during this time period. In release 1.13 and later, you can
instead run ``kdb5_util -x unlockiter update_princ_encryption`` to
@@ -525,7 +525,7 @@ availability. To roll over the master key, follow these steps:
and until all running KDC and kadmind processes have serviced
requests using updated principal entries.
-#. On the master KDC, run ``kdb5_util purge_mkeys`` to clean up the
+#. On the primary KDC, run ``kdb5_util purge_mkeys`` to clean up the
old master key.
@@ -784,14 +784,14 @@ Overview
At some very large sites, dumping and transmitting the database can
take more time than is desirable for changes to propagate from the
-master KDC to the replica KDCs. The incremental propagation support
+primary KDC to the replica KDCs. The incremental propagation support
added in the 1.7 release is intended to address this.
-With incremental propagation enabled, all programs on the master KDC
+With incremental propagation enabled, all programs on the primary KDC
that change the database also write information about the changes to
an "update log" file, maintained as a circular buffer of a certain
size. A process on each replica KDC connects to a service on the
-master KDC (currently implemented in the :ref:`kadmind(8)` server) and
+primary KDC (currently implemented in the :ref:`kadmind(8)` server) and
periodically requests the changes that have been made since the last
check. By default, this check is done every two minutes.
@@ -801,41 +801,41 @@ data in the KDC config file (See :ref:`kdc.conf(5)`):
====================== =============== ===========================================
iprop_enable *boolean* If *true*, then incremental propagation is enabled, and (as noted below) normal kprop propagation is disabled. The default is *false*.
iprop_master_ulogsize *integer* Indicates the number of entries that should be retained in the update log. The default is 1000; the maximum number is 2500.
-iprop_replica_poll *time interval* Indicates how often the replica should poll the master KDC for changes to the database. The default is two minutes.
-iprop_port *integer* Specifies the port number to be used for incremental propagation. This is required in both master and replica configuration files.
+iprop_replica_poll *time interval* Indicates how often the replica should poll the primary KDC for changes to the database. The default is two minutes.
+iprop_port *integer* Specifies the port number to be used for incremental propagation. This is required in both primary and replica configuration files.
iprop_resync_timeout *integer* Specifies the number of seconds to wait for a full propagation to complete. This is optional on replica configurations. Defaults to 300 seconds (5 minutes).
iprop_logfile *file name* Specifies where the update log file for the realm database is to be stored. The default is to use the *database_name* entry from the realms section of the config file :ref:`kdc.conf(5)`, with *.ulog* appended. (NOTE: If database_name isn't specified in the realms section, perhaps because the LDAP database back end is being used, or the file name is specified in the *dbmodules* section, then the hard-coded default for *database_name* is used. Determination of the *iprop_logfile* default value will not use values from the *dbmodules* section.)
====================== =============== ===========================================
-Both master and replica sides must have a principal named
+Both primary and replica sides must have a principal named
``kiprop/hostname`` (where *hostname* is the lowercase,
fully-qualified, canonical name for the host) registered in the
Kerberos database, and have keys for that principal stored in the
default keytab file (|keytab|). The ``kiprop/hostname`` principal may
-have been created automatically for the master KDC, but it must always
-be created for replica KDCs.
+have been created automatically for the primary KDC, but it must
+always be created for replica KDCs.
-On the master KDC side, the ``kiprop/hostname`` principal must be
+On the primary KDC side, the ``kiprop/hostname`` principal must be
listed in the kadmind ACL file :ref:`kadm5.acl(5)`, and given the
**p** privilege (see :ref:`privileges`).
On the replica KDC side, :ref:`kpropd(8)` should be run. When
incremental propagation is enabled, it will connect to the kadmind on
-the master KDC and start requesting updates.
+the primary KDC and start requesting updates.
The normal kprop mechanism is disabled by the incremental propagation
support. However, if the replica has been unable to fetch changes
-from the master KDC for too long (network problems, perhaps), the log
-on the master may wrap around and overwrite some of the updates that
+from the primary KDC for too long (network problems, perhaps), the log
+on the primary may wrap around and overwrite some of the updates that
the replica has not yet retrieved. In this case, the replica will
-instruct the master KDC to dump the current database out to a file and
-invoke a one-time kprop propagation, with special options to also
+instruct the primary KDC to dump the current database out to a file
+and invoke a one-time kprop propagation, with special options to also
convey the point in the update log at which the replica should resume
fetching incremental updates. Thus, all the keytab and ACL setup
previously described for kprop propagation is still needed.
If an environment has a large number of replicas, it may be desirable
-to arrange them in a hierarchy instead of having the master serve
+to arrange them in a hierarchy instead of having the primary serve
updates to every replica. To do this, run ``kadmind -proponly`` on
each intermediate replica, and ``kpropd -A upstreamhostname`` on
downstream replicas to direct each one to the appropriate upstream
@@ -844,11 +844,11 @@ replica.
There are several known restrictions in the current implementation:
- The incremental update protocol does not transport changes to policy
- objects. Any policy changes on the master will result in full
+ objects. Any policy changes on the primary will result in full
resyncs to all replicas.
- The replica's KDB module must support locking; it cannot be using the
LDAP KDB module.
-- The master and replica must be able to initiate TCP connections in
+- The primary and replica must be able to initiate TCP connections in
both directions, without an intervening NAT.
@@ -869,7 +869,7 @@ service. In the Sun implementation, the service is registered with
rpcbind (also known as portmapper) and the client looks up the port
number to contact. In the MIT implementation, where interaction with
some modern versions of rpcbind doesn't always work well, the port
-number must be specified in the config file on both the master and
+number must be specified in the config file on both the primary and
replica sides.
The Sun implementation hard-codes pathnames in ``/var/krb5`` for the
diff --git a/doc/admin/install_kdc.rst b/doc/admin/install_kdc.rst
index 157c605..4d90172 100644
--- a/doc/admin/install_kdc.rst
+++ b/doc/admin/install_kdc.rst
@@ -2,23 +2,24 @@ Installing KDCs
===============
When setting up Kerberos in a production environment, it is best to
-have multiple replica KDCs alongside with a master KDC to ensure the
+have multiple replica KDCs alongside with a primary KDC to ensure the
continued availability of the Kerberized services. Each KDC contains
-a copy of the Kerberos database. The master KDC contains the writable
-copy of the realm database, which it replicates to the replica KDCs at
-regular intervals. All database changes (such as password changes)
-are made on the master KDC. Replica KDCs provide Kerberos
-ticket-granting services, but not database administration, when the
-master KDC is unavailable. MIT recommends that you install all of
-your KDCs to be able to function as either the master or one of the
-replicas. This will enable you to easily switch your master KDC with
-one of the replicas if necessary (see :ref:`switch_master_replica`).
-This installation procedure is based on that recommendation.
+a copy of the Kerberos database. The primary KDC contains the
+writable copy of the realm database, which it replicates to the
+replica KDCs at regular intervals. All database changes (such as
+password changes) are made on the primary KDC. Replica KDCs provide
+Kerberos ticket-granting services, but not database administration,
+when the primary KDC is unavailable. MIT recommends that you install
+all of your KDCs to be able to function as either the primary or one
+of the replicas. This will enable you to easily switch your primary
+KDC with one of the replicas if necessary (see
+:ref:`switch_primary_replica`). This installation procedure is based
+on that recommendation.
.. warning::
- The Kerberos system relies on the availability of correct time
- information. Ensure that the master and all replica KDCs have
+ information. Ensure that the primary and all replica KDCs have
properly synchronized clocks.
- It is best to install and run KDCs on secured and dedicated
@@ -29,8 +30,8 @@ This installation procedure is based on that recommendation.
database.
-Install and configure the master KDC
-------------------------------------
+Install and configure the primary KDC
+-------------------------------------
Install Kerberos either from the OS-provided packages or from the
source (See :ref:`do_build`).
@@ -40,7 +41,7 @@ source (See :ref:`do_build`).
For the purpose of this document we will use the following
names::
- kerberos.mit.edu - master KDC
+ kerberos.mit.edu - primary KDC
kerberos-1.mit.edu - replica KDC
ATHENA.MIT.EDU - realm name
.k5.ATHENA.MIT.EDU - stash file
@@ -148,7 +149,7 @@ your Kerberos realm and server respectively.
Create the KDC database
-----------------------
-You will use the :ref:`kdb5_util(8)` command on the master KDC to
+You will use the :ref:`kdb5_util(8)` command on the primary KDC to
create the Kerberos database and the optional :ref:`stash_definition`.
.. note::
@@ -172,7 +173,7 @@ substituting the numeral "4" for the word "for", and includes the
punctuation mark at the end.)
The following is an example of how to create a Kerberos database and
-stash file on the master KDC, using the :ref:`kdb5_util(8)` command.
+stash file on the primary KDC, using the :ref:`kdb5_util(8)` command.
Replace ``ATHENA.MIT.EDU`` with the name of your Kerberos realm::
shell% kdb5_util create -r ATHENA.MIT.EDU -s
@@ -224,10 +225,10 @@ are allowed to administer Kerberos database) to the Kerberos database.
You *must* add at least one principal now to allow communication
between the Kerberos administration daemon kadmind and the kadmin
program over the network for further administration. To do this, use
-the kadmin.local utility on the master KDC. kadmin.local is designed
-to be run on the master KDC host without using Kerberos authentication
-to an admin server; instead, it must have read and write access to the
-Kerberos database on the local filesystem.
+the kadmin.local utility on the primary KDC. kadmin.local is designed
+to be run on the primary KDC host without using Kerberos
+authentication to an admin server; instead, it must have read and
+write access to the Kerberos database on the local filesystem.
The administrative principals you create should be the ones you added
to the ACL file (see :ref:`admin_acl`).
@@ -248,11 +249,11 @@ is created::
.. _start_kdc_daemons:
-Start the Kerberos daemons on the master KDC
---------------------------------------------
+Start the Kerberos daemons on the primary KDC
+---------------------------------------------
At this point, you are ready to start the Kerberos KDC
-(:ref:`krb5kdc(8)`) and administrative daemons on the Master KDC. To
+(:ref:`krb5kdc(8)`) and administrative daemons on the primary KDC. To
do so, type::
shell% krb5kdc
@@ -294,9 +295,10 @@ You are now ready to start configuring the replica KDCs.
.. note::
Assuming you are setting the KDCs up so that you can easily
- switch the master KDC with one of the replicas, you should
- perform each of these steps on the master KDC as well as the
- replica KDCs, unless these instructions specify otherwise.
+ switch the primary KDC with one of the replicas, you should
+ perform each of these steps on the primary KDC as well as
+ the replica KDCs, unless these instructions specify
+ otherwise.
.. _replica_host_key:
@@ -306,11 +308,11 @@ Create host keytabs for replica KDCs
Each KDC needs a ``host`` key in the Kerberos database. These keys
are used for mutual authentication when propagating the database dump
-file from the master KDC to the secondary KDC servers.
+file from the primary KDC to the secondary KDC servers.
-On the master KDC, connect to administrative interface and create the
+On the primary KDC, connect to administrative interface and create the
host principal for each of the KDCs' ``host`` services. For example,
-if the master KDC were called ``kerberos.mit.edu``, and you had a
+if the primary KDC were called ``kerberos.mit.edu``, and you had a
replica KDC named ``kerberos-1.mit.edu``, you would type the
following::
@@ -323,9 +325,9 @@ following::
No policy specified for "host/kerberos-1.mit.edu at ATHENA.MIT.EDU"; assigning "default"
Principal "host/kerberos-1.mit.edu at ATHENA.MIT.EDU" created.
-It is not strictly necessary to have the master KDC server in the
+It is not strictly necessary to have the primary KDC server in the
Kerberos database, but it can be handy if you want to be able to swap
-the master KDC with one of the replicas.
+the primary KDC with one of the replicas.
Next, extract ``host`` random keys for all participating KDCs and
store them in each host's default keytab file. Ideally, you should
@@ -345,7 +347,7 @@ To extract a keytab directly on a replica KDC called
type arcfour-hmac added to keytab FILE:/etc/krb5.keytab.
If you are instead extracting a keytab for the replica KDC called
-``kerberos-1.mit.edu`` on the master KDC, you should use a dedicated
+``kerberos-1.mit.edu`` on the primary KDC, you should use a dedicated
temporary keytab file for that machine's keytab::
kadmin: ktadd -k /tmp/kerberos-1.keytab host/kerberos-1.mit.edu
@@ -361,10 +363,10 @@ The file ``/tmp/kerberos-1.keytab`` can then be installed as
Configure replica KDCs
~~~~~~~~~~~~~~~~~~~~~~
-Database propagation copies the contents of the master's database, but
-does not propagate configuration files, stash files, or the kadm5 ACL
-file. The following files must be copied by hand to each replica (see
-:ref:`mitK5defaults` for the default locations for these files):
+Database propagation copies the contents of the primary's database,
+but does not propagate configuration files, stash files, or the kadm5
+ACL file. The following files must be copied by hand to each replica
+(see :ref:`mitK5defaults` for the default locations for these files):
* krb5.conf
* kdc.conf
@@ -372,11 +374,11 @@ file. The following files must be copied by hand to each replica (see
* master key stash file
Move the copied files into their appropriate directories, exactly as
-on the master KDC. kadm5.acl is only needed to allow a replica to
-swap with the master KDC.
+on the primary KDC. kadm5.acl is only needed to allow a replica to
+swap with the primary KDC.
-The database is propagated from the master KDC to the replica KDCs via
-the :ref:`kpropd(8)` daemon. You must explicitly specify the
+The database is propagated from the primary KDC to the replica KDCs
+via the :ref:`kpropd(8)` daemon. You must explicitly specify the
principals which are allowed to provide Kerberos dump updates on the
replica machine with a new database. Create a file named kpropd.acl
in the KDC state directory containing the ``host`` principals for each
@@ -387,11 +389,11 @@ of the KDCs::
.. note::
- If you expect that the master and replica KDCs will be
+ If you expect that the primary and replica KDCs will be
switched at some point of time, list the host principals
from all participating KDC servers in kpropd.acl files on
all of the KDCs. Otherwise, you only need to list the
- master KDC's host principal in the kpropd.acl files of the
+ primary KDC's host principal in the kpropd.acl files of the
replica KDCs.
Then, add the following line to ``/etc/inetd.conf`` on each KDC
@@ -411,10 +413,10 @@ Alternatively, start :ref:`kpropd(8)` as a stand-alone daemon. This is
required when incremental propagation is enabled.
Now that the replica KDC is able to accept database propagation,
-you’ll need to propagate the database from the master server.
+you’ll need to propagate the database from the primary server.
NOTE: Do not start the replica KDC yet; you still do not have a copy
-of the master's database.
+of the primary's database.
.. _kprop_to_replicas:
@@ -422,7 +424,7 @@ of the master's database.
Propagate the database to each replica KDC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-First, create a dump file of the database on the master KDC, as
+First, create a dump file of the database on the primary KDC, as
follows::
shell% kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans
@@ -463,7 +465,7 @@ start the krb5kdc daemon::
shell% krb5kdc
-As with the master KDC, you will probably want to add this command to
+As with the primary KDC, you will probably want to add this command to
the KDCs' ``/etc/rc`` or ``/etc/inittab`` files, so they will start
the krb5kdc daemon automatically at boot time.
@@ -489,26 +491,26 @@ services into the Kerberos database. This procedure is described
fully in :ref:`add_mod_del_princs`.
You may occasionally want to use one of your replica KDCs as the
-master. This might happen if you are upgrading the master KDC, or if
-your master KDC has a disk crash. See the following section for the
-instructions.
+primary. This might happen if you are upgrading the primary KDC, or
+if your primary KDC has a disk crash. See the following section for
+the instructions.
-.. _switch_master_replica:
+.. _switch_primary_replica:
-Switching master and replica KDCs
----------------------------------
+Switching primary and replica KDCs
+----------------------------------
You may occasionally want to use one of your replica KDCs as the
-master. This might happen if you are upgrading the master KDC, or if
-your master KDC has a disk crash.
+primary. This might happen if you are upgrading the primary KDC, or
+if your primary KDC has a disk crash.
Assuming you have configured all of your KDCs to be able to function
-as either the master KDC or a replica KDC (as this document
+as either the primary KDC or a replica KDC (as this document
recommends), all you need to do to make the changeover is:
-If the master KDC is still running, do the following on the *old*
-master KDC:
+If the primary KDC is still running, do the following on the *old*
+primary KDC:
#. Kill the kadmind process.
#. Disable the cron job that propagates the database.
@@ -516,12 +518,12 @@ master KDC:
replicas all have the latest copy of the database (see
:ref:`kprop_to_replicas`).
-On the *new* master KDC:
+On the *new* primary KDC:
#. Start the :ref:`kadmind(8)` daemon (see :ref:`start_kdc_daemons`).
#. Set up the cron job to propagate the database (see
:ref:`kprop_to_replicas`).
-#. Switch the CNAMEs of the old and new master KDCs. If you can't do
+#. Switch the CNAMEs of the old and new primary KDCs. If you can't do
this, you'll need to change the :ref:`krb5.conf(5)` file on every
client machine in your Kerberos realm.
diff --git a/doc/admin/lockout.rst b/doc/admin/lockout.rst
index 97d9b1e..cce4490 100644
--- a/doc/admin/lockout.rst
+++ b/doc/admin/lockout.rst
@@ -102,11 +102,11 @@ traditional :ref:`kprop(8)` or incremental propagation. Because of
this, the number of attempts an attacker can make within a time period
is multiplied by the number of KDCs. For instance, if the
**maxfailure** parameter on a policy is 10 and there are four KDCs in
-the environment (a master and three replicas), an attacker could make
+the environment (a primary and three replicas), an attacker could make
as many as 40 attempts before the principal is locked out on all four
KDCs.
-An administrative unlock is propagated from the master to the replica
+An administrative unlock is propagated from the primary to the replica
KDCs during the next propagation. Propagation of an administrative
unlock will cause the counter of failed attempts on each replica to
reset to 1 on the next failure.
diff --git a/doc/admin/realm_config.rst b/doc/admin/realm_config.rst
index 23245ca..caacc70 100644
--- a/doc/admin/realm_config.rst
+++ b/doc/admin/realm_config.rst
@@ -10,8 +10,8 @@ following issues:
* Which ports your KDC and and kadmind services will use, if they will
not be using the default ports.
* How many replica KDCs you need and where they should be located.
-* The hostnames of your master and replica KDCs.
-* How frequently you will propagate the database from the master KDC
+* The hostnames of your primary and replica KDCs.
+* How frequently you will propagate the database from the primary KDC
to the replica KDCs.
@@ -98,7 +98,7 @@ Replica KDCs
------------
Replica KDCs provide an additional source of Kerberos ticket-granting
-services in the event of inaccessibility of the master KDC. The
+services in the event of inaccessibility of the primary KDC. The
number of replica KDCs you need and the decision of where to place them,
both physically and logically, depends on the specifics of your
network.
@@ -109,15 +109,15 @@ be unavailable and have a replica KDC to take up the slack.
Some considerations include:
-* Have at least one replica KDC as a backup, for when the master KDC
+* Have at least one replica KDC as a backup, for when the primary KDC
is down, is being upgraded, or is otherwise unavailable.
* If your network is split such that a network outage is likely to
cause a network partition (some segment or segments of the network
to become cut off or isolated from other segments), have a replica
KDC accessible to each segment.
* If possible, have at least one replica KDC in a different building
- from the master, in case of power outages, fires, or other localized
- disasters.
+ from the primary, in case of power outages, fires, or other
+ localized disasters.
.. _kdc_hostnames:
@@ -126,7 +126,7 @@ Hostnames for KDCs
------------------
MIT recommends that your KDCs have a predefined set of CNAME records
-(DNS hostname aliases), such as ``kerberos`` for the master KDC and
+(DNS hostname aliases), such as ``kerberos`` for the primary KDC and
``kerberos-1``, ``kerberos-2``, ... for the replica KDCs. This way,
if you need to swap a machine, you only need to change a DNS entry,
rather than having to change hostnames.
@@ -153,22 +153,21 @@ _kerberos-master._udp
This entry should refer to those KDCs, if any, that will
immediately see password changes to the Kerberos database. If a
user is logging in and the password appears to be incorrect, the
- client will retry with the master KDC before failing with an
+ client will retry with the primary KDC before failing with an
"incorrect password" error given.
If you have only one KDC, or for whatever reason there is no
accessible KDC that would get database changes faster than the
- others, you do not need to define this entry.
-_kerberos-adm._tcp
- This should list port 749 on your master KDC. Support for it is
+ others, you do not need to define this entry. _kerberos-adm._tcp
+ This should list port 749 on your primary KDC. Support for it is
not complete at this time, but it will eventually be used by the
:ref:`kadmin(1)` program and related utilities. For now, you will
also need the **admin_server** variable in :ref:`krb5.conf(5)`.
-_kpasswd._udp
- This should list port 464 on your master KDC. It is used when a
- user changes her password. If this entry is not defined but a
- _kerberos-adm._tcp entry is defined, the client will use the
- _kerberos-adm._tcp entry with the port number changed to 749.
+ _kpasswd._udp This should list port 464 on your primary KDC. It
+ is used when a user changes her password. If this entry is not
+ defined but a _kerberos-adm._tcp entry is defined, the client will
+ use the _kerberos-adm._tcp entry with the port number changed
+ to 749.
The DNS SRV specification requires that the hostnames listed be the
canonical names, not aliases. So, for example, you might include the
@@ -202,8 +201,8 @@ KDC Discovery
As of MIT krb5 1.15, clients can also locate KDCs in DNS through URI
records (:rfc:`7553`). Limitations with the SRV record format may
result in extra DNS queries in situations where a client must failover
-to other transport types, or find a master server. The URI record can
-convey more information about a realm's KDCs with a single query.
+to other transport types, or find a primary server. The URI record
+can convey more information about a realm's KDCs with a single query.
The client performs a query for the following URI records:
@@ -218,8 +217,8 @@ consists of case-insensitive colon separated fields, in the form
* *scheme* defines the registered URI type. It should always be
``krb5srv``.
* *flags* contains zero or more flag characters. Currently the only
- valid flag is ``m``, which indicates that the record is for a master
- server.
+ valid flag is ``m``, which indicates that the record is for a
+ primary server.
* *transport* defines the transport type of the residual URL or
address. Accepted values are ``tcp``, ``udp``, or ``kkdcp`` for the
MS-KKDCP type.
@@ -247,7 +246,7 @@ records are found.
Database propagation
--------------------
-The Kerberos database resides on the master KDC, and must be
+The Kerberos database resides on the primary KDC, and must be
propagated regularly (usually by a cron job) to the replica KDCs. In
deciding how frequently the propagation should happen, you will need
to balance the amount of time the propagation takes against the
@@ -258,7 +257,7 @@ If the propagation time is longer than this maximum reasonable time
(e.g., you have a particularly large database, you have a lot of
replicas, or you experience frequent network delays), you may wish to
cut down on your propagation delay by performing the propagation in
-parallel. To do this, have the master KDC propagate the database to
+parallel. To do this, have the primary KDC propagate the database to
one set of replicas, and then have each of these replicas propagate
the database to additional replicas.
diff --git a/doc/admin/troubleshoot.rst b/doc/admin/troubleshoot.rst
index 6a0c7f8..ade5e1f 100644
--- a/doc/admin/troubleshoot.rst
+++ b/doc/admin/troubleshoot.rst
@@ -107,7 +107,7 @@ kprop: No route to host while connecting to server
..................................................
Make sure that the hostname of the replica KDC (as given to kprop) is
-correct, and that any firewalls between the master and the replica
+correct, and that any firewalls between the primary and the replica
allow a connection on port 754.
.. _kprop_con_refused:
@@ -128,8 +128,8 @@ kprop: Server rejected authentication (during sendauth exchange) while authentic
Make sure that:
-#. The time is synchronized between the master and replica KDCs.
-#. The master stash file was copied from the master to the expected
+#. The time is synchronized between the primary and replica KDCs.
+#. The master stash file was copied from the primary to the expected
location on the replica.
#. The replica has a keytab file in the default location containing a
``host`` principal for the replica's hostname.
diff --git a/doc/build/directory_org.rst b/doc/build/directory_org.rst
index db0c6c0..109b69a 100644
--- a/doc/build/directory_org.rst
+++ b/doc/build/directory_org.rst
@@ -11,7 +11,7 @@ clients Kerberos V5 user programs (See :ref:`user_commands`)
config Configure scripts
config-files Sample Kerberos configuration files
include include files needed to build the Kerberos system
-kadmin Administrative interface to the Kerberos master database: :ref:`kadmin(1)`, :ref:`kdb5_util(8)`, :ref:`ktutil(1)`.
+kadmin Administrative interface to the Kerberos database: :ref:`kadmin(1)`, :ref:`kdb5_util(8)`, :ref:`ktutil(1)`.
kdc Kerberos V5 Authentication Service and Key Distribution Center
lib_ Libraries for use with/by Kerberos V5
plugins Kerberos plugins directory
diff --git a/doc/iprop-notes.txt b/doc/iprop-notes.txt
index ac57305..b620773 100644
--- a/doc/iprop-notes.txt
+++ b/doc/iprop-notes.txt
@@ -3,18 +3,18 @@ install guide.
Bugs or issues:
-The "full resync" part of the protocol involves the master side firing
-off a normal kprop (and going back to servicing requests), and the
-replica side stopping all the incremental propagation stuff and
-waiting for the kprop. If the connection from the master never comes
+The "full resync" part of the protocol involves the primary side
+firing off a normal kprop (and going back to servicing requests), and
+the replica side stopping all the incremental propagation stuff and
+waiting for the kprop. If the connection from the primary never comes
in for some reason, the replica side just blocks forever, and never
resumes incremental propagation.
The protocol does not currently pass policy database changes; this was
an intentional decision on Sun's part. The policy database is only
-relevant to the master KDC, and is usually fairly static (aside from
+relevant to the primary KDC, and is usually fairly static (aside from
refcount updates), but not propagating it does mean that a replica
-maintained via iprop can't simply be promoted to a master in disaster
+maintained via iprop can't simply be promoted to a primary in disaster
recovery or other cases without doing a full propagation or restoring
a database from backups.
@@ -29,8 +29,8 @@ the update log as well; etc. At least initially, we wouldn't treat it
as a differently-named database; the installation of the hooks would
be done by explicitly checking if iprop is enabled, etc.
-The "iprop role" is assumed to be either master or replica. The
-master writes a log, and the replica fetches it. But what about a
+The "iprop role" is assumed to be either primary or replica. The
+primary writes a log, and the replica fetches it. But what about a
cascade propagation model where A sends to B which sends to C, perhaps
because A's bandwidth is highly limited, or B and C are co-located?
In such a case, B would want to operate in both modes. Granted, with
@@ -67,10 +67,10 @@ db changes, which locking protocols should deal with anyways, (b)
existing acl code, (c) existing server process?
The incremental propagation protocol requires an ACL entry on the
-master, listing the replica. Since the full-resync part uses normal
-kprop, the replica also has to have an ACL entry for the master. If
+primary, listing the replica. Since the full-resync part uses normal
+kprop, the replica also has to have an ACL entry for the primary. If
this is missing, I suspect the behavior will be that every two
-minutes, the master side will (at the prompting of the replica) dump
+minutes, the primary side will (at the prompting of the replica) dump
out the database and attempt a full propagation.
Possible optimizations: If an existing dump file has a recent enough
@@ -97,7 +97,7 @@ resizing the log because of a too-large log entry.
The kprop invocation doesn't specify a realm name, so it'll only work
for the default realm. No clean way to specify a port number, either.
Would it be overkill to come up with a way to configure host+port for
-kpropd on the master? Preferably in a way that'd support cascading
+kpropd on the primary? Preferably in a way that'd support cascading
propagations.
The kadmind process, when it needs to run kprop, extracts the replica
diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst
index 98c1435..8d6041d 100644
--- a/doc/mitK5features.rst
+++ b/doc/mitK5features.rst
@@ -146,7 +146,7 @@ Release 1.13
protocol.
- Add support for `hierarchical incremental propagation
<https://k5wiki.kerberos.org/wiki/Projects/Hierarchical_iprop>`_,
- where replicas can act as intermediates between an upstream master
+ where replicas can act as intermediates between an upstream primary
and other downstream replicas.
- Add support for configuring GSS mechanisms using
``/etc/gss/mech.d/*.conf`` files in addition to
@@ -255,9 +255,9 @@ Release 1.14
* Performance:
- - On replica KDCs, poll the master KDC immediately after processing
- a full resync, and do not require two full resyncs after the
- master KDC's log file is reset.
+ - On replica KDCs, poll the primary KDC immediately after
+ processing a full resync, and do not require two full resyncs
+ after the primary KDC's log file is reset.
Release 1.15
@@ -279,7 +279,7 @@ Release 1.15
- Add DNS auto-discovery of KDC and kpasswd servers from URI
records, in addition to SRV records. URI records can convey TCP
- and UDP servers and master KDC status in a single DNS lookup, and
+ and UDP servers and primary KDC status in a single DNS lookup, and
can also point to HTTPS proxy servers.
- Add support for password history to the LDAP back end.
diff --git a/src/include/iprop_hdr.h b/src/include/iprop_hdr.h
index 435ed7e..d214549 100644
--- a/src/include/iprop_hdr.h
+++ b/src/include/iprop_hdr.h
@@ -31,7 +31,7 @@ extern "C" {
enum iprop_role {
IPROP_NULL = 0,
- IPROP_MASTER = 1,
+ IPROP_PRIMARY = 1,
IPROP_REPLICA = 2
};
typedef enum iprop_role iprop_role;
diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h
index 79ed740..b3e039d 100644
--- a/src/include/k5-trace.h
+++ b/src/include/k5-trace.h
@@ -200,8 +200,8 @@ void krb5int_trace(krb5_context context, const char *fmt, ...);
TRACE(c, "Attempting password change; {int} tries remaining", tries)
#define TRACE_GIC_PWD_EXPIRED(c) \
TRACE(c, "Principal expired; getting changepw ticket")
-#define TRACE_GIC_PWD_MASTER(c) \
- TRACE(c, "Retrying AS request with master KDC")
+#define TRACE_GIC_PWD_PRIMARY(c) \
+ TRACE(c, "Retrying AS request with primary KDC")
#define TRACE_GSS_CLIENT_KEYTAB_FAIL(c, ret) \
TRACE(c, "Unable to resolve default client keytab: {kerr}", ret)
@@ -379,13 +379,13 @@ void krb5int_trace(krb5_context context, const char *fmt, ...);
#define TRACE_SENDTO_KDC_ERROR_SET_MESSAGE(c, raddr, err) \
TRACE(c, "Error preparing message to send to {raddr}: {errno}", \
raddr, err)
-#define TRACE_SENDTO_KDC(c, len, rlm, master, tcp) \
+#define TRACE_SENDTO_KDC(c, len, rlm, primary, tcp) \
TRACE(c, "Sending request ({int} bytes) to {data}{str}{str}", len, \
- rlm, (master) ? " (master)" : "", (tcp) ? " (tcp only)" : "")
+ rlm, (primary) ? " (primary)" : "", (tcp) ? " (tcp only)" : "")
#define TRACE_SENDTO_KDC_K5TLS_LOAD_ERROR(c, ret) \
TRACE(c, "Error loading k5tls module: {kerr}", ret)
-#define TRACE_SENDTO_KDC_MASTER(c, master) \
- TRACE(c, "Response was{str} from master KDC", (master) ? "" : " not")
+#define TRACE_SENDTO_KDC_PRIMARY(c, primary) \
+ TRACE(c, "Response was{str} from primary KDC", (primary) ? "" : " not")
#define TRACE_SENDTO_KDC_RESOLVING(c, hostname) \
TRACE(c, "Resolving hostname {str}", hostname)
#define TRACE_SENDTO_KDC_RESPONSE(c, len, raddr) \
diff --git a/src/include/kdb.h b/src/include/kdb.h
index ff47716..f6cbb47 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -960,7 +960,7 @@ typedef struct _kdb_vftabl {
*
* If db_args contains the value "temporary", the module should create an
* exclusively locked side copy of the database suitable for loading in a
- * propagation from master to replica. This side copy will later be
+ * propagation from primary to replica. This side copy will later be
* promoted with promote_db, allowing complete updates of the DB with no
* loss in read availability. If the module cannot comply with this
* architecture, it should return an error.
diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c
index 8cd0537..024edb1 100644
--- a/src/kadmin/dbutil/kdb5_util.c
+++ b/src/kadmin/dbutil/kdb5_util.c
@@ -337,7 +337,7 @@ int main(argc, argv)
return exit_status;
if (global_params.iprop_enabled == TRUE)
- ulog_set_role(util_context, IPROP_MASTER);
+ ulog_set_role(util_context, IPROP_PRIMARY);
else
ulog_set_role(util_context, IPROP_NULL);
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 6305e83..73d9bac 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -536,7 +536,7 @@ main(int argc, char *argv[])
fail_to_start(ret, _("getting random seed"));
if (params.iprop_enabled == TRUE) {
- ulog_set_role(context, IPROP_MASTER);
+ ulog_set_role(context, IPROP_PRIMARY);
ret = ulog_map(context, params.iprop_logfile, params.iprop_ulogsize);
if (ret)
diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c
index 5881a89..874ba13 100644
--- a/src/kprop/kpropd.c
+++ b/src/kprop/kpropd.c
@@ -158,7 +158,7 @@ static void load_database(krb5_context context, char *kdb_util,
static void send_error(krb5_context context, int fd, krb5_error_code err_code,
char *err_text);
static void recv_error(krb5_context context, krb5_data *inbuf);
-static unsigned int backoff_from_master(int *cnt);
+static unsigned int backoff_from_primary(int *cnt);
static kadm5_ret_t kadm5_get_kiprop_host_srv_name(krb5_context context,
const char *realm_name,
char **host_service_name);
@@ -634,7 +634,7 @@ do_iprop()
kadm5_ret_t retval;
krb5_principal iprop_svc_principal;
void *server_handle = NULL;
- char *iprop_svc_princstr = NULL, *master_svc_princstr = NULL;
+ char *iprop_svc_princstr = NULL, *primary_svc_princstr = NULL;
unsigned int pollin, backoff_time;
int backoff_cnt = 0, reinit_cnt = 0;
struct timeval iprop_start, iprop_end;
@@ -652,9 +652,9 @@ do_iprop()
if (pollin == 0)
pollin = 10;
- if (master_svc_princstr == NULL) {
+ if (primary_svc_princstr == NULL) {
retval = kadm5_get_kiprop_host_srv_name(kpropd_context, realm,
- &master_svc_princstr);
+ &primary_svc_princstr);
if (retval) {
com_err(progname, retval,
_("%s: unable to get kiprop host based "
@@ -692,7 +692,7 @@ reinit:
}
retval = kadm5_init_with_skey(kpropd_context, iprop_svc_princstr,
keytab_path,
- master_svc_princstr,
+ primary_svc_princstr,
¶ms,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_4,
@@ -711,8 +711,8 @@ reinit:
com_err(progname, retval, _(
"while attempting to connect"
- " to master KDC ... retrying"));
- backoff_time = backoff_from_master(&reinit_cnt);
+ " to primary KDC ... retrying"));
+ backoff_time = backoff_from_primary(&reinit_cnt);
if (debug) {
fprintf(stderr, _("Sleeping %d seconds to re-initialize "
"kadm5 (RPC ERROR)\n"), backoff_time);
@@ -732,7 +732,7 @@ reinit:
com_err(progname, retval,
_("while initializing %s interface, retrying"),
progname);
- backoff_time = backoff_from_master(&reinit_cnt);
+ backoff_time = backoff_from_primary(&reinit_cnt);
if (debug) {
fprintf(stderr, _("Sleeping %d seconds to re-initialize "
"kadm5 (krb5kdc not running?)\n"),
@@ -762,7 +762,7 @@ reinit:
/*
* Get the most recent ulog entry sno + ts, which
- * we package in the request to the master KDC
+ * we package in the request to the primary KDC
*/
retval = ulog_get_last(kpropd_context, &mylast);
if (retval) {
@@ -772,7 +772,7 @@ reinit:
/*
* Loop continuously on an iprop_get_updates_1(),
- * so that we can keep probing the master for updates
+ * so that we can keep probing the primary for updates
* or (if needed) do a full resync of the krb5 db.
*/
@@ -858,19 +858,19 @@ reinit:
case UPDATE_ERROR:
if (debug)
- fprintf(stderr, _("Full resync error from master\n"));
+ fprintf(stderr, _("Full resync error from primary\n"));
syslog(LOG_ERR, _(" Full resync, "
- "error returned from master KDC."));
+ "error returned from primary KDC."));
goto error;
default:
backoff_cnt = 0;
if (debug) {
fprintf(stderr,
- _("Full resync invalid result from master\n"));
+ _("Full resync invalid result from primary\n"));
}
syslog(LOG_ERR, _("Full resync, "
- "invalid return from master KDC."));
+ "invalid return from primary KDC."));
break;
}
break;
@@ -926,8 +926,9 @@ reinit:
case UPDATE_ERROR:
if (debug)
- fprintf(stderr, _("get_updates error from master\n"));
- syslog(LOG_ERR, _("get_updates, error returned from master KDC."));
+ fprintf(stderr, _("get_updates error from primary\n"));
+ syslog(LOG_ERR,
+ _("get_updates, error returned from primary KDC."));
goto error;
case UPDATE_BUSY:
@@ -935,25 +936,28 @@ reinit:
* Exponential backoff
*/
if (debug)
- fprintf(stderr, _("get_updates master busy; backoff\n"));
+ fprintf(stderr, _("get_updates primary busy; backoff\n"));
backoff_cnt++;
break;
case UPDATE_NIL:
/*
- * Master-replica are in sync
+ * Primary-replica are in sync
*/
if (debug)
- fprintf(stderr, _("KDC is synchronized with master.\n"));
+ fprintf(stderr, _("KDC is synchronized with primary.\n"));
backoff_cnt = 0;
frrequested = 0;
break;
default:
backoff_cnt = 0;
- if (debug)
- fprintf(stderr, _("get_updates invalid result from master\n"));
- syslog(LOG_ERR, _("get_updates, invalid return from master KDC."));
+ if (debug) {
+ fprintf(stderr,
+ _("get_updates invalid result from primary\n"));
+ }
+ syslog(LOG_ERR,
+ _("get_updates, invalid return from primary KDC."));
break;
}
@@ -966,10 +970,10 @@ reinit:
* UPDATE_BUSY signal
*/
if (backoff_cnt > 0) {
- backoff_time = backoff_from_master(&backoff_cnt);
+ backoff_time = backoff_from_primary(&backoff_cnt);
if (debug) {
fprintf(stderr, _("Busy signal received "
- "from master, backoff for %d secs\n"),
+ "from primary, backoff for %d secs\n"),
backoff_time);
}
sleep(backoff_time);
@@ -986,11 +990,11 @@ reinit:
error:
if (debug)
- fprintf(stderr, _("ERROR returned by master, bailing\n"));
- syslog(LOG_ERR, _("ERROR returned by master KDC, bailing.\n"));
+ fprintf(stderr, _("ERROR returned by primary, bailing\n"));
+ syslog(LOG_ERR, _("ERROR returned by primary KDC, bailing.\n"));
done:
free(iprop_svc_princstr);
- free(master_svc_princstr);
+ free(primary_svc_princstr);
krb5_free_default_realm(kpropd_context, def_realm);
kadm5_destroy(server_handle);
krb5_db_fini(kpropd_context);
@@ -1001,9 +1005,9 @@ done:
}
-/* Do exponential backoff, since master KDC is BUSY or down. */
+/* Do exponential backoff, since primary KDC is BUSY or down. */
static unsigned int
-backoff_from_master(int *cnt)
+backoff_from_primary(int *cnt)
{
unsigned int btime;
diff --git a/src/kprop/kproplog.c b/src/kprop/kproplog.c
index 865b0d6..0c025f0 100644
--- a/src/kprop/kproplog.c
+++ b/src/kprop/kproplog.c
@@ -5,7 +5,7 @@
*/
/*
- * This module will parse the update logs on the master or replica servers.
+ * This module will parse the update logs on the primary or replica servers.
*/
#include "k5-int.h"
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index 5da276b..b0d0ede 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -329,7 +329,7 @@ iakerb_acceptor_step(iakerb_ctx_id_t ctx,
krb5_data request = empty_data(), reply = empty_data();
krb5_data realm = empty_data();
OM_uint32 tmp;
- int tcp_only, use_master;
+ int tcp_only, use_primary;
krb5_ui_4 kdc_code;
output_token->length = 0;
@@ -355,9 +355,9 @@ iakerb_acceptor_step(iakerb_ctx_id_t ctx,
goto cleanup;
for (tcp_only = 0; tcp_only <= 1; tcp_only++) {
- use_master = 0;
+ use_primary = 0;
code = krb5_sendto_kdc(ctx->k5c, &request, &realm,
- &reply, &use_master, tcp_only);
+ &reply, &use_primary, tcp_only);
if (code == 0 && krb5_is_krb_error(&reply)) {
krb5_error *error;
diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c
index 87a7322..3adc4b5 100644
--- a/src/lib/kadm5/srv/server_init.c
+++ b/src/lib/kadm5/srv/server_init.c
@@ -425,7 +425,7 @@ kadm5_init_iprop(void *handle, char **db_args)
iprop_h = handle;
if (iprop_h->params.iprop_enabled) {
- ulog_set_role(iprop_h->context, IPROP_MASTER);
+ ulog_set_role(iprop_h->context, IPROP_PRIMARY);
retval = ulog_map(iprop_h->context, iprop_h->params.iprop_logfile,
iprop_h->params.iprop_ulogsize);
if (retval)
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index a3fc0bf..47e9b31 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -104,13 +104,13 @@ kdb_unlock_list()
k5_mutex_unlock(&db_lock);
}
-/* Return true if the ulog is mapped in the master role. */
+/* Return true if the ulog is mapped in the primary role. */
static inline krb5_boolean
logging(krb5_context context)
{
kdb_log_context *log_ctx = context->kdblog_context;
- return log_ctx != NULL && log_ctx->iproprole == IPROP_MASTER &&
+ return log_ctx != NULL && log_ctx->iproprole == IPROP_PRIMARY &&
log_ctx->ulog != NULL;
}
diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c
index 5ac8a52..f8a256b 100644
--- a/src/lib/krb5/krb/gc_via_tkt.c
+++ b/src/lib/krb5/krb/gc_via_tkt.c
@@ -345,7 +345,7 @@ krb5_get_cred_via_tkt_ext(krb5_context context, krb5_creds *tkt,
krb5_timestamp timestamp;
krb5_int32 nonce;
krb5_keyblock *subkey = NULL;
- int tcp_only = 0, use_master = 0;
+ int tcp_only = 0, use_primary = 0;
struct krb5int_fast_request_state *fast_state = NULL;
request_data.data = NULL;
@@ -367,9 +367,9 @@ krb5_get_cred_via_tkt_ext(krb5_context context, krb5_creds *tkt,
goto cleanup;
send_again:
- use_master = 0;
+ use_primary = 0;
retval = krb5_sendto_kdc(context, &request_data, &in_cred->server->realm,
- &response_data, &use_master, tcp_only);
+ &response_data, &use_primary, tcp_only);
if (retval == 0) {
if (krb5_is_krb_error(&response_data)) {
if (!tcp_only) {
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index 32401bc..c35b8d6 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -1198,7 +1198,7 @@ krb5_tkt_creds_get(krb5_context context, krb5_tkt_creds_context ctx)
krb5_data request = empty_data(), reply = empty_data();
krb5_data realm = empty_data();
unsigned int flags = 0;
- int tcp_only = 0, use_master;
+ int tcp_only = 0, use_primary;
for (;;) {
/* Get the next request and realm. Turn on TCP if necessary. */
@@ -1212,9 +1212,9 @@ krb5_tkt_creds_get(krb5_context context, krb5_tkt_creds_context ctx)
krb5_free_data_contents(context, &reply);
/* Send it to a KDC for the appropriate realm. */
- use_master = 0;
+ use_primary = 0;
code = krb5_sendto_kdc(context, &request, &realm,
- &reply, &use_master, tcp_only);
+ &reply, &use_primary, tcp_only);
if (code != 0)
break;
diff --git a/src/lib/krb5/krb/get_etype_info.c b/src/lib/krb5/krb/get_etype_info.c
index 3a9589d..1a75b9f 100644
--- a/src/lib/krb5/krb/get_etype_info.c
+++ b/src/lib/krb5/krb/get_etype_info.c
@@ -96,7 +96,7 @@ krb5_get_etype_info(krb5_context context, krb5_principal principal,
krb5_data reply = empty_data(), req = empty_data(), realm = empty_data();
krb5_data salt = empty_data(), s2kparams = empty_data();
unsigned int flags;
- int master, tcp_only;
+ int primary, tcp_only;
krb5_error_code ret;
*enctype_out = ENCTYPE_NULL;
@@ -118,8 +118,8 @@ krb5_get_etype_info(krb5_context context, krb5_principal principal,
/* Send the packet (possibly once with UDP and again with TCP). */
tcp_only = 0;
for (;;) {
- master = 0;
- ret = krb5_sendto_kdc(context, &req, &realm, &reply, &master,
+ primary = 0;
+ ret = krb5_sendto_kdc(context, &req, &realm, &reply, &primary,
tcp_only);
if (ret)
goto cleanup;
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index feab6fb..0245f11 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -549,14 +549,14 @@ krb5_init_creds_free(krb5_context context,
krb5_error_code
k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
- int *use_master)
+ int *use_primary)
{
krb5_error_code code;
krb5_data request;
krb5_data reply;
krb5_data realm;
unsigned int flags = 0;
- int tcp_only = 0, master = *use_master;
+ int tcp_only = 0, primary = *use_primary;
request.length = 0;
request.data = NULL;
@@ -580,9 +580,9 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
krb5_free_data_contents(context, &reply);
- master = *use_master;
+ primary = *use_primary;
code = krb5_sendto_kdc(context, &request, &realm,
- &reply, &master, tcp_only);
+ &reply, &primary, tcp_only);
if (code != 0)
break;
@@ -594,7 +594,7 @@ k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
krb5_free_data_contents(context, &reply);
krb5_free_data_contents(context, &realm);
- *use_master = master;
+ *use_primary = primary;
return code;
}
@@ -603,9 +603,9 @@ krb5_error_code KRB5_CALLCONV
krb5_init_creds_get(krb5_context context,
krb5_init_creds_context ctx)
{
- int use_master = 0;
+ int use_primary = 0;
- return k5_init_creds_get(context, ctx, &use_master);
+ return k5_init_creds_get(context, ctx, &use_primary);
}
krb5_error_code KRB5_CALLCONV
@@ -1903,7 +1903,7 @@ k5_get_init_creds(krb5_context context, krb5_creds *creds,
krb5_principal client, krb5_prompter_fct prompter,
void *prompter_data, krb5_deltat start_time,
const char *in_tkt_service, krb5_get_init_creds_opt *options,
- get_as_key_fn gak_fct, void *gak_data, int *use_master,
+ get_as_key_fn gak_fct, void *gak_data, int *use_primary,
krb5_kdc_rep **as_reply)
{
krb5_error_code code;
@@ -1928,7 +1928,7 @@ k5_get_init_creds(krb5_context context, krb5_creds *creds,
goto cleanup;
}
- code = k5_init_creds_get(context, ctx, use_master);
+ code = k5_init_creds_get(context, ctx, use_primary);
if (code != 0)
goto cleanup;
@@ -1954,7 +1954,7 @@ k5_identify_realm(krb5_context context, krb5_principal client,
krb5_error_code ret;
krb5_get_init_creds_opt *opts = NULL;
krb5_init_creds_context ctx = NULL;
- int use_master = 0;
+ int use_primary = 0;
*client_out = NULL;
@@ -1974,7 +1974,7 @@ k5_identify_realm(krb5_context context, krb5_principal client,
ctx->identify_realm = TRUE;
ctx->subject_cert = subject_cert;
- ret = k5_init_creds_get(context, ctx, &use_master);
+ ret = k5_init_creds_get(context, ctx, &use_primary);
if (ret)
goto cleanup;
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index b2b4ac9..d204570 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -238,7 +238,7 @@ static krb5_error_code
get_init_creds_keytab(krb5_context context, krb5_creds *creds,
krb5_principal client, krb5_keytab keytab,
krb5_deltat start_time, const char *in_tkt_service,
- krb5_get_init_creds_opt *options, int *use_master)
+ krb5_get_init_creds_opt *options, int *use_primary)
{
krb5_error_code ret;
krb5_init_creds_context ctx = NULL;
@@ -258,7 +258,7 @@ get_init_creds_keytab(krb5_context context, krb5_creds *creds,
if (ret != 0)
goto cleanup;
- ret = k5_init_creds_get(context, ctx, use_master);
+ ret = k5_init_creds_get(context, ctx, use_primary);
if (ret != 0)
goto cleanup;
@@ -282,7 +282,7 @@ krb5_get_init_creds_keytab(krb5_context context,
krb5_get_init_creds_opt *options)
{
krb5_error_code ret;
- int use_master;
+ int use_primary;
krb5_keytab keytab;
struct errinfo errsave = EMPTY_ERRINFO;
@@ -293,12 +293,12 @@ krb5_get_init_creds_keytab(krb5_context context,
keytab = arg_keytab;
}
- use_master = 0;
+ use_primary = 0;
/* first try: get the requested tkt from any kdc */
ret = get_init_creds_keytab(context, creds, client, keytab, start_time,
- in_tkt_service, options, &use_master);
+ in_tkt_service, options, &use_primary);
/* check for success */
@@ -310,27 +310,27 @@ krb5_get_init_creds_keytab(krb5_context context,
if ((ret == KRB5_KDC_UNREACH) || (ret == KRB5_REALM_CANT_RESOLVE))
goto cleanup;
- /* if the reply did not come from the master kdc, try again with
- the master kdc */
+ /* If the reply did not come from the primary kdc, try again with
+ * the primary kdc. */
- if (!use_master) {
- use_master = 1;
+ if (!use_primary) {
+ use_primary = 1;
k5_save_ctx_error(context, ret, &errsave);
ret = get_init_creds_keytab(context, creds, client, keytab,
start_time, in_tkt_service, options,
- &use_master);
+ &use_primary);
if (ret == 0)
goto cleanup;
- /* If the master is unreachable, return the error from the replica we
+ /* If the primary is unreachable, return the error from the replica we
* were able to contact. */
if (ret == KRB5_KDC_UNREACH || ret == KRB5_REALM_CANT_RESOLVE ||
ret == KRB5_REALM_UNKNOWN)
ret = k5_restore_ctx_error(context, &errsave);
}
- /* at this point, we have a response from the master. Since we don't
+ /* at this point, we have a response from the primary. Since we don't
do any prompting or changing for keytabs, that's it. */
cleanup:
@@ -352,7 +352,7 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
char * server = NULL;
krb5_keytab keytab;
krb5_principal client_princ, server_princ;
- int use_master = 0;
+ int use_primary = 0;
retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
pre_auth_types, creds);
@@ -373,7 +373,7 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
client_princ = creds->client;
retval = k5_get_init_creds(context, creds, creds->client,
krb5_prompter_posix, NULL, 0, server, opts,
- get_as_key_keytab, (void *)keytab, &use_master,
+ get_as_key_keytab, (void *)keytab, &use_primary,
ret_as_reply);
krb5_free_unparsed_name( context, server);
if (retval) {
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index cdfdb48..9a3d598 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -182,7 +182,7 @@ krb5_get_init_creds_password(krb5_context context,
krb5_get_init_creds_opt *options)
{
krb5_error_code ret;
- int use_master;
+ int use_primary;
krb5_kdc_rep *as_reply;
int tries;
krb5_creds chpw_creds;
@@ -195,7 +195,7 @@ krb5_get_init_creds_password(krb5_context context,
struct errinfo errsave = EMPTY_ERRINFO;
char *message;
- use_master = 0;
+ use_primary = 0;
as_reply = NULL;
memset(&chpw_creds, 0, sizeof(chpw_creds));
memset(&gakpw, 0, sizeof(gakpw));
@@ -209,7 +209,7 @@ krb5_get_init_creds_password(krb5_context context,
ret = k5_get_init_creds(context, creds, client, prompter, data, start_time,
in_tkt_service, options, krb5_get_as_key_password,
- &gakpw, &use_master, &as_reply);
+ &gakpw, &use_primary, &as_reply);
/* check for success */
@@ -223,12 +223,12 @@ krb5_get_init_creds_password(krb5_context context,
ret == KRB5_LIBOS_PWDINTR || ret == KRB5_LIBOS_CANTREADPWD)
goto cleanup;
- /* if the reply did not come from the master kdc, try again with
- the master kdc */
+ /* If the reply did not come from the primary kdc, try again with
+ * the primary kdc. */
- if (!use_master) {
- TRACE_GIC_PWD_MASTER(context);
- use_master = 1;
+ if (!use_primary) {
+ TRACE_GIC_PWD_PRIMARY(context);
+ use_primary = 1;
k5_save_ctx_error(context, ret, &errsave);
if (as_reply) {
@@ -237,22 +237,22 @@ krb5_get_init_creds_password(krb5_context context,
}
ret = k5_get_init_creds(context, creds, client, prompter, data,
start_time, in_tkt_service, options,
- krb5_get_as_key_password, &gakpw, &use_master,
+ krb5_get_as_key_password, &gakpw, &use_primary,
&as_reply);
if (ret == 0)
goto cleanup;
- /* If the master is unreachable, return the error from the replica we
- * were able to contact and reset the use_master flag. */
+ /* If the primary is unreachable, return the error from the replica we
+ * were able to contact and reset the use_primary flag. */
if (ret == KRB5_KDC_UNREACH || ret == KRB5_REALM_CANT_RESOLVE ||
ret == KRB5_REALM_UNKNOWN) {
ret = k5_restore_ctx_error(context, &errsave);
- use_master = 0;
+ use_primary = 0;
}
}
- /* at this point, we have an error from the master. if the error
+ /* at this point, we have an error from the primary. if the error
is not password expired, or if it is but there's no prompter,
return this error */
@@ -277,7 +277,7 @@ krb5_get_init_creds_password(krb5_context context,
goto cleanup;
ret = k5_get_init_creds(context, &chpw_creds, client, prompter, data,
start_time, "kadmin/changepw", chpw_opts,
- krb5_get_as_key_password, &gakpw, &use_master,
+ krb5_get_as_key_password, &gakpw, &use_primary,
NULL);
if (ret)
goto cleanup;
@@ -375,15 +375,14 @@ krb5_get_init_creds_password(krb5_context context,
if (ret)
goto cleanup;
- /* the password change was successful. Get an initial ticket
- from the master. this is the last try. the return from this
- is final. */
+ /* The password change was successful. Get an initial ticket from the
+ * primary. This is the last try. The return from this is final. */
TRACE_GIC_PWD_CHANGED(context);
gakpw.password = &pw0;
ret = k5_get_init_creds(context, creds, client, prompter, data,
start_time, in_tkt_service, options,
- krb5_get_as_key_password, &gakpw, &use_master,
+ krb5_get_as_key_password, &gakpw, &use_primary,
&as_reply);
if (ret)
goto cleanup;
@@ -433,7 +432,7 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
krb5_data pw;
char * server;
krb5_principal server_princ, client_princ;
- int use_master = 0;
+ int use_primary = 0;
krb5_get_init_creds_opt *opts = NULL;
memset(&gakpw, 0, sizeof(gakpw));
@@ -454,7 +453,7 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
client_princ = creds->client;
retval = k5_get_init_creds(context, creds, creds->client,
krb5_prompter_posix, NULL, 0, server, opts,
- krb5_get_as_key_password, &gakpw, &use_master,
+ krb5_get_as_key_password, &gakpw, &use_primary,
ret_as_reply);
krb5_free_unparsed_name( context, server);
krb5_get_init_creds_opt_free(context, opts);
diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c
index 4787fa0..55c951a 100644
--- a/src/lib/krb5/krb/in_tkt_sky.c
+++ b/src/lib/krb5/krb/in_tkt_sky.c
@@ -75,7 +75,7 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
krb5_error_code retval;
char *server;
krb5_principal server_princ, client_princ;
- int use_master = 0;
+ int use_primary = 0;
krb5_get_init_creds_opt *opts = NULL;
retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
@@ -105,7 +105,7 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
client_princ = creds->client;
retval = k5_get_init_creds(context, creds, creds->client,
krb5_prompter_posix, NULL, 0, server, opts,
- get_as_key_skey, (void *)key, &use_master,
+ get_as_key_skey, (void *)key, &use_primary,
ret_as_reply);
krb5_free_unparsed_name(context, server);
if (retval)
diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h
index 5211044..f2a2a3c 100644
--- a/src/lib/krb5/krb/int-proto.h
+++ b/src/lib/krb5/krb/int-proto.h
@@ -201,7 +201,7 @@ k5_ccselect_free_context(krb5_context context);
krb5_error_code
k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
- int *use_master);
+ int *use_primary);
krb5_error_code
k5_init_creds_current_time(krb5_context context, krb5_init_creds_context ctx,
@@ -291,7 +291,7 @@ k5_get_init_creds(krb5_context context, krb5_creds *creds,
krb5_principal client, krb5_prompter_fct prompter,
void *prompter_data, krb5_deltat start_time,
const char *in_tkt_service, krb5_get_init_creds_opt *options,
- get_as_key_fn gak, void *gak_data, int *master,
+ get_as_key_fn gak, void *gak_data, int *primary,
krb5_kdc_rep **as_reply);
/*
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index c32a967..7036c74 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -132,7 +132,7 @@ new_server_entry(struct serverlist *list)
list->servers = newservers;
entry = &newservers[list->nservers];
memset(entry, 0, sizeof(*entry));
- entry->master = -1;
+ entry->primary = -1;
return entry;
}
@@ -160,7 +160,7 @@ add_addr_to_list(struct serverlist *list, k5_transport transport, int family,
static int
add_host_to_list(struct serverlist *list, const char *hostname, int port,
k5_transport transport, int family, const char *uri_path,
- int master)
+ int primary)
{
struct server_entry *entry;
@@ -178,7 +178,7 @@ add_host_to_list(struct serverlist *list, const char *hostname, int port,
goto oom;
}
entry->port = port;
- entry->master = master;
+ entry->primary = primary;
list->nservers++;
return 0;
oom:
@@ -523,7 +523,7 @@ prof_locate_server(krb5_context context, const krb5_data *realm,
/*
* Parse the initial part of the URI, first confirming the scheme name. Get
- * the transport, flags (indicating master status), and host. The host is
+ * the transport, flags (indicating primary status), and host. The host is
* either an address or hostname with an optional port, or an HTTPS URL.
* The format is krb5srv:flags:udp|tcp|kkdcp:host
*
@@ -531,15 +531,15 @@ prof_locate_server(krb5_context context, const krb5_data *realm,
*/
static void
parse_uri_fields(const char *uri, k5_transport *transport_out,
- const char **host_out, int *master_out)
+ const char **host_out, int *primary_out)
{
k5_transport transport;
- int master = FALSE;
+ int primary = FALSE;
*transport_out = 0;
*host_out = NULL;
- *master_out = -1;
+ *primary_out = -1;
/* Confirm the scheme name. */
if (strncasecmp(uri, "krb5srv", 7) != 0)
@@ -556,7 +556,7 @@ parse_uri_fields(const char *uri, k5_transport *transport_out,
/* Check the flags field for supported flags. */
for (; *uri != ':' && *uri != '\0'; uri++) {
if (*uri == 'm' || *uri == 'M')
- master = TRUE;
+ primary = TRUE;
}
if (*uri != ':')
return;
@@ -583,7 +583,7 @@ parse_uri_fields(const char *uri, k5_transport *transport_out,
/* The rest of the URI is the host (with optional port) or URI. */
*host_out = uri + 1;
*transport_out = transport;
- *master_out = master;
+ *primary_out = primary;
}
/*
@@ -594,14 +594,14 @@ static krb5_error_code
locate_uri(krb5_context context, const krb5_data *realm,
const char *req_service, struct serverlist *serverlist,
k5_transport req_transport, int default_port,
- krb5_boolean master_only)
+ krb5_boolean primary_only)
{
krb5_error_code ret;
k5_transport transport, host_trans;
struct srv_dns_entry *answers, *entry;
char *host;
const char *host_field, *path;
- int port, def_port, master;
+ int port, def_port, primary;
ret = k5_make_uri_query(context, realm, req_service, &answers);
if (ret || answers == NULL)
@@ -611,7 +611,7 @@ locate_uri(krb5_context context, const krb5_data *realm,
def_port = default_port;
path = NULL;
- parse_uri_fields(entry->host, &transport, &host_field, &master);
+ parse_uri_fields(entry->host, &transport, &host_field, &primary);
if (host_field == NULL)
continue;
@@ -639,7 +639,7 @@ locate_uri(krb5_context context, const krb5_data *realm,
}
ret = add_host_to_list(serverlist, host, port, transport, AF_UNSPEC,
- path, master);
+ path, primary);
free(host);
if (ret)
break;
@@ -657,14 +657,14 @@ dns_locate_server_uri(krb5_context context, const krb5_data *realm,
krb5_error_code ret;
char *svcname;
int def_port;
- krb5_boolean find_master = FALSE;
+ krb5_boolean find_primary = FALSE;
if (!_krb5_use_dns_kdc(context) || !use_dns_uri(context))
return 0;
switch (svc) {
case locate_service_master_kdc:
- find_master = TRUE;
+ find_primary = TRUE;
/* Fall through */
case locate_service_kdc:
svcname = "_kerberos";
@@ -683,7 +683,7 @@ dns_locate_server_uri(krb5_context context, const krb5_data *realm,
}
ret = locate_uri(context, realm, svcname, serverlist, transport, def_port,
- find_master);
+ find_primary);
if (serverlist->nservers == 0)
TRACE_DNS_URI_NOTFOUND(context);
@@ -819,24 +819,24 @@ k5_locate_server(krb5_context context, const krb5_data *realm,
krb5_error_code
k5_locate_kdc(krb5_context context, const krb5_data *realm,
- struct serverlist *serverlist, krb5_boolean get_masters,
+ struct serverlist *serverlist, krb5_boolean get_primaries,
krb5_boolean no_udp)
{
enum locate_service_type stype;
- stype = get_masters ? locate_service_master_kdc : locate_service_kdc;
+ stype = get_primaries ? locate_service_master_kdc : locate_service_kdc;
return k5_locate_server(context, realm, serverlist, stype, no_udp);
}
krb5_boolean
-k5_kdc_is_master(krb5_context context, const krb5_data *realm,
- struct server_entry *server)
+k5_kdc_is_primary(krb5_context context, const krb5_data *realm,
+ struct server_entry *server)
{
struct serverlist list;
krb5_boolean found;
- if (server->master != -1)
- return server->master;
+ if (server->primary != -1)
+ return server->primary;
if (locate_server(context, realm, &list, locate_service_master_kdc,
server->transport) != 0)
diff --git a/src/lib/krb5/os/os-proto.h b/src/lib/krb5/os/os-proto.h
index f1aa60a..7d5e797 100644
--- a/src/lib/krb5/os/os-proto.h
+++ b/src/lib/krb5/os/os-proto.h
@@ -58,7 +58,7 @@ struct server_entry {
k5_transport transport; /* May be 0 for UDP/TCP if hostname set */
char *uri_path; /* Used only if transport is HTTPS */
int family; /* May be 0 (aka AF_UNSPEC) if hostname set */
- int master; /* True, false, or -1 for unknown. */
+ int primary; /* True, false, or -1 for unknown. */
size_t addrlen;
struct sockaddr_storage addr;
};
@@ -124,10 +124,10 @@ krb5_error_code k5_locate_server(krb5_context, const krb5_data *realm,
krb5_error_code k5_locate_kdc(krb5_context context, const krb5_data *realm,
struct serverlist *serverlist,
- krb5_boolean get_masters, krb5_boolean no_udp);
+ krb5_boolean get_primaries, krb5_boolean no_udp);
-krb5_boolean k5_kdc_is_master(krb5_context context, const krb5_data *realm,
- struct server_entry *server);
+krb5_boolean k5_kdc_is_primary(krb5_context context, const krb5_data *realm,
+ struct server_entry *server);
void k5_free_serverlist(struct serverlist *);
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index 82523c5..0eedec1 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -436,7 +436,7 @@ krb5_set_kdc_recv_hook(krb5_context context, krb5_post_recv_fn recv_hook,
krb5_error_code
krb5_sendto_kdc(krb5_context context, const krb5_data *message,
- const krb5_data *realm, krb5_data *reply_out, int *use_master,
+ const krb5_data *realm, krb5_data *reply_out, int *use_primary,
int no_udp)
{
krb5_error_code retval, oldret, err;
@@ -460,7 +460,7 @@ krb5_sendto_kdc(krb5_context context, const krb5_data *message,
* should probably be returned as well.
*/
- TRACE_SENDTO_KDC(context, message->length, realm, *use_master, no_udp);
+ TRACE_SENDTO_KDC(context, message->length, realm, *use_primary, no_udp);
if (!no_udp && context->udp_pref_limit < 0) {
int tmp;
@@ -486,7 +486,7 @@ krb5_sendto_kdc(krb5_context context, const krb5_data *message,
else
strategy = UDP_LAST;
- retval = k5_locate_kdc(context, realm, &servers, *use_master, no_udp);
+ retval = k5_locate_kdc(context, realm, &servers, *use_primary, no_udp);
if (retval)
return retval;
@@ -527,10 +527,13 @@ krb5_sendto_kdc(krb5_context context, const krb5_data *message,
retval, realm, message, &reply,
&hook_reply);
if (oldret && !retval) {
- /* The hook must set a reply if it overrides an error from
- * k5_sendto(). Treat this reply as coming from the master KDC. */
+ /*
+ * The hook must set a reply if it overrides an error from
+ * k5_sendto(). Treat this reply as coming from the primary
+ * KDC.
+ */
assert(hook_reply != NULL);
- *use_master = 1;
+ *use_primary = 1;
}
}
if (retval)
@@ -544,12 +547,12 @@ krb5_sendto_kdc(krb5_context context, const krb5_data *message,
reply = empty_data();
}
- /* Set use_master to 1 if we ended up talking to a master when we didn't
+ /* Set use_primary to 1 if we ended up talking to a primary when we didn't
* explicitly request to. */
- if (*use_master == 0) {
- *use_master = k5_kdc_is_master(context, realm,
- &servers.servers[server_used]);
- TRACE_SENDTO_KDC_MASTER(context, *use_master);
+ if (*use_primary == 0) {
+ *use_primary = k5_kdc_is_primary(context, realm,
+ &servers.servers[server_used]);
+ TRACE_SENDTO_KDC_PRIMARY(context, *use_primary);
}
cleanup:
diff --git a/src/lib/krb5/os/t_locate_kdc.c b/src/lib/krb5/os/t_locate_kdc.c
index 7a53c84..6da28eb 100644
--- a/src/lib/krb5/os/t_locate_kdc.c
+++ b/src/lib/krb5/os/t_locate_kdc.c
@@ -60,7 +60,7 @@ print_addrs (void)
if (entry->hostname != NULL) {
printf("%d: h:%s t:%s p:%d m:%d P:%s\n", (int)i,
entry->hostname, ttypename(entry->transport),
- entry->port, entry->master,
+ entry->port, entry->primary,
entry->uri_path ? entry->uri_path : "");
continue;
}
@@ -84,7 +84,7 @@ main (int argc, char *argv[])
krb5_data realm;
krb5_context ctx;
krb5_error_code err;
- int master = 0;
+ int primary = 0;
p = strrchr (argv[0], '/');
if (p)
@@ -103,7 +103,7 @@ main (int argc, char *argv[])
else if (!strcmp (argv[1], "-d"))
how = LOOKUP_DNS;
else if (!strcmp (argv[1], "-m"))
- master = 1;
+ primary = 1;
else
goto usage;
realmname = argv[2];
@@ -131,7 +131,7 @@ main (int argc, char *argv[])
break;
case LOOKUP_WHATEVER:
- err = k5_locate_kdc(ctx, &realm, &sl, master, FALSE);
+ err = k5_locate_kdc(ctx, &realm, &sl, primary, FALSE);
break;
}
if (err) kfatal (err);
diff --git a/src/lib/krb5/os/t_std_conf.c b/src/lib/krb5/os/t_std_conf.c
index 6f221ae..7052524 100644
--- a/src/lib/krb5/os/t_std_conf.c
+++ b/src/lib/krb5/os/t_std_conf.c
@@ -76,13 +76,13 @@ test_locate_kdc(krb5_context ctx, char *realm)
{
struct serverlist servers;
size_t i;
- int get_masters = FALSE;
+ int get_primaries = FALSE;
krb5_data rlm;
krb5_error_code retval;
rlm.data = realm;
rlm.length = strlen(realm);
- retval = k5_locate_kdc(ctx, &rlm, &servers, get_masters, FALSE);
+ retval = k5_locate_kdc(ctx, &rlm, &servers, get_primaries, FALSE);
if (retval) {
com_err("krb5_locate_kdc", retval, 0);
return;
diff --git a/src/tests/dejagnu/krb-standalone/kprop.exp b/src/tests/dejagnu/krb-standalone/kprop.exp
index f71ee86..661e3fd 100644
--- a/src/tests/dejagnu/krb-standalone/kprop.exp
+++ b/src/tests/dejagnu/krb-standalone/kprop.exp
@@ -88,7 +88,7 @@ proc doit { } {
return
}
- # Dump master database.
+ # Dump primary database.
envstack_push
setup_kerberos_env kdc
spawn $KDB5_UTIL dump $tmppwd/replica_datatrans
diff --git a/src/tests/etinfo.c b/src/tests/etinfo.c
index f8f7d75..6b8a4f3 100644
--- a/src/tests/etinfo.c
+++ b/src/tests/etinfo.c
@@ -121,7 +121,7 @@ main(int argc, char **argv)
krb5_pa_data **padata;
krb5_preauthtype pa_type = KRB5_PADATA_NONE;
unsigned int flags;
- int master = 0;
+ int primary = 0;
if (argc < 2 || argc > 3) {
fprintf(stderr, "Usage: %s princname [patype]\n", argv[0]);
@@ -140,7 +140,7 @@ main(int argc, char **argv)
reply = empty_data();
check(krb5_init_creds_step(ctx, icc, &reply, &request, &realm, &flags));
assert(flags == KRB5_INIT_CREDS_STEP_FLAG_CONTINUE);
- check(krb5_sendto_kdc(ctx, &request, &realm, &reply, &master, 0));
+ check(krb5_sendto_kdc(ctx, &request, &realm, &reply, &primary, 0));
if (decode_krb5_error(&reply, &error) == 0) {
decode_krb5_padata_sequence(&error->e_data, &padata);
diff --git a/src/tests/icinterleave.c b/src/tests/icinterleave.c
index a1bdd35..bcc87c7 100644
--- a/src/tests/icinterleave.c
+++ b/src/tests/icinterleave.c
@@ -63,7 +63,7 @@ main(int argc, char **argv)
krb5_init_creds_context *iccs;
krb5_data req, *reps, realm;
krb5_boolean any_left;
- int i, nclients, master;
+ int i, nclients, primary;
unsigned int flags;
if (argc < 3) {
@@ -111,9 +111,9 @@ main(int argc, char **argv)
continue;
}
- master = 0;
+ primary = 0;
krb5_free_data_contents(ctx, &reps[i]);
- check(krb5_sendto_kdc(ctx, &req, &realm, &reps[i], &master, 0));
+ check(krb5_sendto_kdc(ctx, &req, &realm, &reps[i], &primary, 0));
krb5_free_data_contents(ctx, &req);
krb5_free_data_contents(ctx, &realm);
}
diff --git a/src/tests/t_iprop.py b/src/tests/t_iprop.py
index 3bb0fd2..09ec249 100755
--- a/src/tests/t_iprop.py
+++ b/src/tests/t_iprop.py
@@ -57,7 +57,8 @@ def wait_for_prop(kpropd, full_expected, expected_old, expected_new):
fail('iprop_get_updates failed')
if 'permission denied' in line:
fail('kadmind denied update')
- if 'error from master' in line or 'error returned from master' in line:
+ if ('error from primary' in line or
+ 'error returned from primary' in line):
fail('kadmind reported error')
if 'invalid return' in line:
fail('kadmind returned invalid result')
@@ -117,11 +118,11 @@ def check_ulog(num, first, last, entries, env=None):
if eprinc != None:
fail('Expected princ %s in update entry %d' % (eprinc, ser))
-# replica1 will receive updates from master, and replica2 will receive
-# updates from replica1. Because of the awkward way iprop and kprop
-# port configuration currently works, we need separate config files
-# for the replica and master sides of replica1, but they use the same
-# DB and ulog file.
+# replica1 will receive updates from primary, and replica2 will
+# receive updates from replica1. Because of the awkward way iprop and
+# kprop port configuration currently works, we need separate config
+# files for the replica and primary sides of replica1, but they use
+# the same DB and ulog file.
conf = {'realms': {'$realm': {'iprop_enable': 'true',
'iprop_logfile': '$testdir/db.ulog'}}}
conf_rep1 = {'realms': {'$realm': {'iprop_replica_poll': '600',
@@ -199,12 +200,12 @@ for realm in multidb_realms(kdc_conf=conf, create_user=False,
realm.run([kdb5_util, '-r', realm.realm, 'load', dumpfile], replica3)
realm.run([kdb5_util, 'load', dumpfile], replica4)
- # Reinitialize the master ulog so we know exactly what to expect in
- # it.
+ # Reinitialize the primary ulog so we know exactly what to expect
+ # in it.
realm.run([kproplog, '-R'])
check_ulog(1, 1, 1, [None])
- # Make some changes to the master DB.
+ # Make some changes to the primary DB.
realm.addprinc(pr1)
realm.addprinc(pr3)
realm.addprinc(pr2)
@@ -212,13 +213,13 @@ for realm in multidb_realms(kdc_conf=conf, create_user=False,
realm.run([kadminl, 'modprinc', '+allow_tix', pr2])
check_ulog(6, 1, 6, [None, pr1, pr3, pr2, pr2, pr2])
- # Start kpropd for replica1 and get a full dump from master.
+ # Start kpropd for replica1 and get a full dump from primary.
mark('propagate M->1 full')
kpropd1 = realm.start_kpropd(replica1, ['-d'])
wait_for_prop(kpropd1, True, 1, 6)
out = realm.run([kadminl, 'listprincs'], env=replica1)
if pr1 not in out or pr2 not in out or pr3 not in out:
- fail('replica1 does not have all principals from master')
+ fail('replica1 does not have all principals from primary')
check_ulog(1, 6, 6, [None], replica1)
# Make a change and check that it propagates incrementally.
@@ -289,7 +290,7 @@ for realm in multidb_realms(kdc_conf=conf, create_user=False,
stop_daemon(kpropd4)
# Start kpropd for replica2. The -A option isn't needed since
- # we're talking to the same host as master (we specify it anyway
+ # we're talking to the same host as primary (we specify it anyway
# to exercise the code), but replica2 defines iprop_port to $port8
# so it will talk to replica1. Get a full dump from replica1.
mark('propagate 1->2 full')
@@ -320,7 +321,7 @@ for realm in multidb_realms(kdc_conf=conf, create_user=False,
realm.run([kadminl, 'getprinc', pr1], env=replica2,
expected_msg='Maximum renewable life: 0 days 22:00:00\n')
- # Reset the ulog on replica1 to force a full resync from master.
+ # Reset the ulog on replica1 to force a full resync from primary.
# The resync will use the old dump file and then propagate
# changes. replica2 should still be in sync with replica1 after
# the resync, so make sure it doesn't take a full resync.
@@ -395,7 +396,7 @@ for realm in multidb_realms(kdc_conf=conf, create_user=False,
realm.run([kadminl, 'getpol', 'testpol'], env=replica2, expected_code=1,
expected_msg='Policy does not exist')
- # Modify a principal on the master and test that it propagates
+ # Modify a principal on the primary and test that it propagates
# incrementally.
mark('propagate M->1->2 incremental (after policy changes)')
realm.run([kadminl, 'modprinc', '-maxlife', '10 minutes', pr1])
@@ -446,7 +447,7 @@ for realm in multidb_realms(kdc_conf=conf, create_user=False,
pr1 = renpr
- # Reset the ulog on the master to force a full resync.
+ # Reset the ulog on the primary to force a full resync.
mark('propagate M->1->2 full (ulog reset)')
realm.run([kproplog, '-R'])
check_ulog(1, 1, 1, [None])
@@ -469,7 +470,7 @@ for realm in multidb_realms(kdc_conf=conf, create_user=False,
fail('Expected synchronized from kpropd -t')
check_ulog(1, 1, 1, [None], replica1)
- # Make a change on the master and fetch it incrementally.
+ # Make a change on the primary and fetch it incrementally.
realm.run([kadminl, 'modprinc', '-maxlife', '5 minutes', pr1])
check_ulog(2, 1, 2, [None, pr1])
out = realm.run_kpropd_once(replica1, ['-d'])
diff --git a/src/tests/t_kprop.py b/src/tests/t_kprop.py
index c33e4fe..d96f7c5 100755
--- a/src/tests/t_kprop.py
+++ b/src/tests/t_kprop.py
@@ -32,7 +32,7 @@ for realm in multipass_realms(create_user=False):
realm.run([kdb5_util, 'load', dumpfile], replica)
realm.run([kdb5_util, 'stash', '-P', 'master'], replica)
- # Make some changes to the master db.
+ # Make some changes to the primary db.
realm.addprinc('wakawaka')
# Start kpropd.
@@ -67,7 +67,7 @@ realm.run([kdb5_util, 'dump', dumpfile])
realm.run([kdb5_util, '-r', realm.realm, 'load', dumpfile], replica2)
realm.run([kdb5_util, 'load', dumpfile], replica3)
-# Make some changes to the master db.
+# Make some changes to the primary db.
realm.addprinc('wakawaka')
# Test override of default_realm with -r realm argument.
diff --git a/src/windows/include/loadfuncs-krb5.h b/src/windows/include/loadfuncs-krb5.h
index 39a3504..b6e6a0c 100644
--- a/src/windows/include/loadfuncs-krb5.h
+++ b/src/windows/include/loadfuncs-krb5.h
@@ -1728,7 +1728,7 @@ TYPEDEF_FUNC(
krb5_locate_kdc,
(krb5_context context, const krb5_data *realm,
struct addrlist *addrlist,
- int get_masters, int socktype, int family)
+ int get_primaries, int socktype, int family)
);
TYPEDEF_FUNC(
More information about the cvs-krb5
mailing list