Added doc on replication and activation tokens.

nats_tools/nas/README.md

@@ -8,6 +8,9 @@ The [NATS Account Server](https://github.com/nats-io/nats-account-server) is an
 
 The server can operate in a _READ ONLY_ mode where it serves content from a directory, or in notification mode, where it can notify a NATS server that JWT in the store have been modified, updating the NATS server with the updated JWT.
 
+The server supports replica mode, which allows load balancing, fault tolerance and geographic distribution of servers. Replicas are read-only and copy JWTs from the primary based on cache invalidation or NATS notifications.
+
+The account server can host activation tokens as well as account JWTs. These tokens are used when one account needs to give permission to another account to access a private export. Tokens can be configured as full tokens, or URLs. By hosting them in the account server you can avoid the copy/paste process of embedding tokens. They can also be updated more easily on expiration.
 
 ### Memory Resolver
 

nats_tools/nas/nas_conf.md

@@ -108,7 +108,8 @@ Let's take a look at the configuration options:
 | `operatorjwtpath` | The path to an operator JWT. Required for non-read-only servers. Only JWTs signed by the operator (or one of it's signing keys) are accepted. |
 | `store` | A `store` configuration block specifying store options. |
 | `systemaccountjwtpath` | Path to an Account JWT that should be returned as the system account. |
-
+| `primary` | URL for the primary, `protocol://host:port`. |
+| `replicationtimeout` | Timeout, in milliseconds, used by the replica when talking to the primary, defaults to `5000`. |
 
 #### `store` Configuration
 
@@ -157,8 +158,3 @@ Let's take a look at the configuration options:
 | `root` | filepath to the CA certificate. |
 | `cert` | filepath to the certificate. |
 | `cert` | filepath to the certificate key. |
-
-
-
-
-