Commit | Line | Data |
---|---|---|
805e021f CE |
1 | =head1 NAME |
2 | ||
3 | kdb - Displays log or privileged actions performed by the Authentication Server | |
4 | ||
5 | =head1 SYNOPSIS | |
6 | ||
7 | =for html | |
8 | <div class="synopsis"> | |
9 | ||
10 | B<kdb> S<<< [B<-dbmfile> <I<dbmfile to use (default /usr/afs/logs/AuthLog)>>] >>> | |
11 | S<<< [B<-key> <I<extract entries that match specified key>>] >>> | |
12 | [B<-long>] [B<-numeric>] [B<-help>] | |
13 | ||
14 | =for html | |
15 | </div> | |
16 | ||
17 | =head1 DESCRIPTION | |
18 | ||
19 | The B<kdb> command displays the contents of the F<AuthLog.dir> and | |
20 | F<AuthLog.pag> files associated with the F<AuthLog> file that resides on | |
21 | the local disk, by default in the F</usr/afs/logs> directory. The files | |
22 | must exist in that directory, which normally implies that the | |
23 | Authentication Server is running on the machine. The files contain | |
24 | information on privileged actions performed by the obsolete Authentication | |
25 | Server. | |
26 | ||
27 | =head1 CAUTIONS | |
28 | ||
29 | The B<kdb> command is only used to read the log files from the obsolete | |
30 | Authentication Server, which should no longer be used. It is provided for | |
31 | sites that have not yet migrated to a Kerberos version 5 KDC. The | |
32 | Authentication Server and supporting commands, including B<kdb>, will be | |
33 | removed in a future version of OpenAFS. | |
34 | ||
35 | It is possible that on some operating systems that AFS otherwise supports, | |
36 | the Authentication Server cannot create the F</usr/afs/logs/AuthLog.dir> | |
37 | and F</usr/afs/logs/AuthLog.pag> files, making this command inoperative. | |
38 | ||
39 | =head1 OPTIONS | |
40 | ||
41 | =over 4 | |
42 | ||
43 | =item B<-dbmfile> <I<dbmfile to use>> | |
44 | ||
45 | Specifies the pathname of the file to display. Provide either a complete | |
46 | pathname, a pathname relative to the F</usr/afs/logs> directory, or a | |
47 | filename only, in which case the file must reside in the F</usr/afs/logs> | |
48 | directory. Omit this argument to display information from the | |
49 | F<AuthLog.dir> and F<AuthLog.pag> files in the F</usr/afs/logs> directory. | |
50 | ||
51 | =item B<-key> <I<extract entries that match specified key>> | |
52 | ||
53 | Specifies each entry to be displayed from the indicated file. | |
54 | ||
55 | =item B<-long> | |
56 | ||
57 | When printing all entries, print out detailed information for each entry. | |
58 | ||
59 | =item B<-numeric> | |
60 | ||
61 | Do not resolve IP addresses to hostnames, and instead print out numeric IP | |
62 | addresses. | |
63 | ||
64 | =item B<-help> | |
65 | ||
66 | Prints the online help for this command. All other valid options are | |
67 | ignored. | |
68 | ||
69 | =back | |
70 | ||
71 | =head1 OUTPUT | |
72 | ||
73 | The first line of output indicates the location of the files from which | |
74 | the subsequent information is derived: | |
75 | ||
76 | Printing all entries found in <file_location> | |
77 | ||
78 | Each entry then includes the following two fields, separated by a colon: | |
79 | ||
80 | =over 4 | |
81 | ||
82 | =item user/server | |
83 | ||
84 | Identifies the user requesting the corresponding service and the server | |
85 | that performed that service. In cases where no user is directly involved, | |
86 | only the server appears; in cases where no server is directly involved, | |
87 | only the user appears. | |
88 | ||
89 | =item service | |
90 | ||
91 | Identifies one of the following actions or services performed by the user | |
92 | or server process. | |
93 | ||
94 | =over 4 | |
95 | ||
96 | =item * | |
97 | ||
98 | C<auth>: Obtained a ticket-granting ticket. | |
99 | ||
100 | =item * | |
101 | ||
102 | C<chp>: Changed a user password. | |
103 | ||
104 | =item * | |
105 | ||
106 | C<cruser>: Created a user entry in the Authentication Database. | |
107 | ||
108 | =item * | |
109 | ||
110 | C<delu>: Deleted a user entry from the Authentication Database. | |
111 | ||
112 | =item * | |
113 | ||
114 | C<gtck>: Obtained a ticket other than a ticket-granting ticket. | |
115 | ||
116 | =item * | |
117 | ||
118 | C<setf>: Set fields in an Authentication Database entry. | |
119 | ||
120 | =item * | |
121 | ||
122 | C<unlok>: Unlocked an Authentication Database entry. | |
123 | ||
124 | =back | |
125 | ||
126 | =back | |
127 | ||
128 | The final line of output sums the number of entries. | |
129 | ||
130 | =head1 EXAMPLES | |
131 | ||
132 | The following example shows the output of the B<kdb> command in the Example | |
133 | Corporation cell (C<example.com>): | |
134 | ||
135 | % kdb | |
136 | Printing all entries found in /usr/afs/logs/AuthLog | |
137 | admin,krbtgt.EXAMPLE.COM:auth | |
138 | admin,afs:gtck | |
139 | admin:cruser | |
140 | admin:delu | |
141 | 4 entries were found | |
142 | ||
143 | =head1 PRIVILEGE REQUIRED | |
144 | ||
145 | The issuer must be logged in as the local superuser C<root>. | |
146 | ||
147 | =head1 SEE ALSO | |
148 | ||
149 | L<AuthLog.dir(5)>, | |
150 | L<bos_getlog(8)>, | |
151 | L<kaserver(8)> | |
152 | ||
153 | =head1 COPYRIGHT | |
154 | ||
155 | IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. | |
156 | ||
157 | This documentation is covered by the IBM Public License Version 1.0. It was | |
158 | converted from HTML to POD by software written by Chas Williams and Russ | |
159 | Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. |