author Neng Xue <xnsuda@yahoo.com> 2014-07-11 16:04:42 -0700
committer Greg Hudson <ghudson@mit.edu> 2014-08-01 18:19:35 -0400
commit 0279b74c6744a8841eba8d16dbfbebb2592718e9
tree 0bdf8fb01c50027415103bb6251f971e2b63b067 /doc
parent 9c850f8b62784170a5e42315c1a9552ddcf4ca2b
Add kiprop/<master-hostname> during KDB creation
To reduce the number of steps in the deployment of iprop, create the kiprop/hostname principal for the master KDC during KDB creation. Adjust tests to match the new behavior.

[ghudson@mit.edu: clarified commit message; avoided applying kadmin flags/lifetime to kiprop principal]

ticket: 7979 (new)
Diffstat (limited to 'doc')
-rw-r--r-- doc/admin/admin_commands/kadmind.rst 5
-rw-r--r-- doc/admin/database.rst 4
2 files changed, 6 insertions, 3 deletions
diff --git a/doc/admin/admin_commands/kadmind.rst b/doc/admin/admin_commands/kadmind.rst
index 88f5566..acf25e3 100644
--- a/doc/admin/admin_commands/kadmind.rst
+++ b/doc/admin/admin_commands/kadmind.rst
@@ -53,8 +53,9 @@ and policy updates incrementally instead of receiving full dumps of
the database. This facility can be enabled in the :ref:`kdc.conf(5)`
file with the **iprop_enable** option. Incremental propagation
requires the principal ``kiprop/MASTER\@REALM`` (where MASTER is the
-master KDC's canonical host name, and REALM the realm name) to be
-registered in the database.
+master KDC's canonical host name, and REALM the realm name). In
+release 1.13, this principal is automatically created and registered
+into the datebase.
OPTIONS
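Review bot: The last added line has a typo, "datebase" should be "database", and "registered into" reads better as "registered in". The new sentence also does not say when the principal is created. The commit message says this happens during KDB creation, so a database created by an earlier release and then upgraded to 1.13 would still need kiprop/MASTER added by hand. Suggest wording such as "Starting with release 1.13, this principal is created automatically when the database is created" so administrators of existing realms do not assume the principal is already present.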
diff --git a/doc/admin/database.rst b/doc/admin/database.rst
index 0d8bfa5..c7abc1b 100644
--- a/doc/admin/database.rst
+++ b/doc/admin/database.rst
@@ -805,7 +805,9 @@ Both master and slave sides must have a principal named
``kiprop/hostname`` (where *hostname* is the lowercase,
fully-qualified, canonical name for the host) registered in the
Kerberos database, and have keys for that principal stored in the
-default keytab file (|keytab|).
+default keytab file (|keytab|). In release 1.13, the
+``kiprop/hostname`` principal is created automatically for the master
+KDC, but it must still be created for slave KDCs.
On the master KDC side, the ``kiprop/hostname`` principal must be
listed in the kadmind ACL file :ref:`kadm5.acl(5)`, and given the
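Review bot: The added sentence covers only creation of the principal, but the sentence it extends also requires keys for that principal in the default keytab file, and the text does not say whether that step is still manual on the master. Please state explicitly whether the administrator must still extract the kiprop/hostname key into the keytab on the master KDC. As in kadmind.rst, "In release 1.13" would be more accurate as "Starting with release 1.13", and it is worth noting that the automatic creation applies at database creation time, matching the commit message.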