HCoop / hcoop / debian / openafs.git / blame
| Commit | Line | Data |
|---|---|---|
| 805e021f CE |
1 | =head1 NAME |
| 2 | ||
| 3 | kdb - Displays log or privileged actions performed by the Authentication Server | |
| 4 | ||
| 5 | =head1 SYNOPSIS | |
| 6 | ||
| 7 | =for html | |
| 8 | <div class="synopsis"> | |
| 9 | ||
| 10 | B<kdb> S<<< [B<-dbmfile> <I<dbmfile to use (default /usr/afs/logs/AuthLog)>>] >>> | |
| 11 | S<<< [B<-key> <I<extract entries that match specified key>>] >>> | |
| 12 | [B<-long>] [B<-numeric>] [B<-help>] | |
| 13 | ||
| 14 | =for html | |
| 15 | </div> | |
| 16 | ||
| 17 | =head1 DESCRIPTION | |
| 18 | ||
| 19 | The B<kdb> command displays the contents of the F<AuthLog.dir> and | |
| 20 | F<AuthLog.pag> files associated with the F<AuthLog> file that resides on | |
| 21 | the local disk, by default in the F</usr/afs/logs> directory. The files | |
| 22 | must exist in that directory, which normally implies that the | |
| 23 | Authentication Server is running on the machine. The files contain | |
| 24 | information on privileged actions performed by the obsolete Authentication | |
| 25 | Server. | |
| 26 | ||
| 27 | =head1 CAUTIONS | |
| 28 | ||
| 29 | The B<kdb> command is only used to read the log files from the obsolete | |
| 30 | Authentication Server, which should no longer be used. It is provided for | |
| 31 | sites that have not yet migrated to a Kerberos version 5 KDC. The | |
| 32 | Authentication Server and supporting commands, including B<kdb>, will be | |
| 33 | removed in a future version of OpenAFS. | |
| 34 | ||
| 35 | It is possible that on some operating systems that AFS otherwise supports, | |
| 36 | the Authentication Server cannot create the F</usr/afs/logs/AuthLog.dir> | |
| 37 | and F</usr/afs/logs/AuthLog.pag> files, making this command inoperative. | |
| 38 | ||
| 39 | =head1 OPTIONS | |
| 40 | ||
| 41 | =over 4 | |
| 42 | ||
| 43 | =item B<-dbmfile> <I<dbmfile to use>> | |
| 44 | ||
| 45 | Specifies the pathname of the file to display. Provide either a complete | |
| 46 | pathname, a pathname relative to the F</usr/afs/logs> directory, or a | |
| 47 | filename only, in which case the file must reside in the F</usr/afs/logs> | |
| 48 | directory. Omit this argument to display information from the | |
| 49 | F<AuthLog.dir> and F<AuthLog.pag> files in the F</usr/afs/logs> directory. | |
| 50 | ||
| 51 | =item B<-key> <I<extract entries that match specified key>> | |
| 52 | ||
| 53 | Specifies each entry to be displayed from the indicated file. | |
| 54 | ||
| 55 | =item B<-long> | |
| 56 | ||
| 57 | When printing all entries, print out detailed information for each entry. | |
| 58 | ||
| 59 | =item B<-numeric> | |
| 60 | ||
| 61 | Do not resolve IP addresses to hostnames, and instead print out numeric IP | |
| 62 | addresses. | |
| 63 | ||
| 64 | =item B<-help> | |
| 65 | ||
| 66 | Prints the online help for this command. All other valid options are | |
| 67 | ignored. | |
| 68 | ||
| 69 | =back | |
| 70 | ||
| 71 | =head1 OUTPUT | |
| 72 | ||
| 73 | The first line of output indicates the location of the files from which | |
| 74 | the subsequent information is derived: | |
| 75 | ||
| 76 | Printing all entries found in <file_location> | |
| 77 | ||
| 78 | Each entry then includes the following two fields, separated by a colon: | |
| 79 | ||
| 80 | =over 4 | |
| 81 | ||
| 82 | =item user/server | |
| 83 | ||
| 84 | Identifies the user requesting the corresponding service and the server | |
| 85 | that performed that service. In cases where no user is directly involved, | |
| 86 | only the server appears; in cases where no server is directly involved, | |
| 87 | only the user appears. | |
| 88 | ||
| 89 | =item service | |
| 90 | ||
| 91 | Identifies one of the following actions or services performed by the user | |
| 92 | or server process. | |
| 93 | ||
| 94 | =over 4 | |
| 95 | ||
| 96 | =item * | |
| 97 | ||
| 98 | C<auth>: Obtained a ticket-granting ticket. | |
| 99 | ||
| 100 | =item * | |
| 101 | ||
| 102 | C<chp>: Changed a user password. | |
| 103 | ||
| 104 | =item * | |
| 105 | ||
| 106 | C<cruser>: Created a user entry in the Authentication Database. | |
| 107 | ||
| 108 | =item * | |
| 109 | ||
| 110 | C<delu>: Deleted a user entry from the Authentication Database. | |
| 111 | ||
| 112 | =item * | |
| 113 | ||
| 114 | C<gtck>: Obtained a ticket other than a ticket-granting ticket. | |
| 115 | ||
| 116 | =item * | |
| 117 | ||
| 118 | C<setf>: Set fields in an Authentication Database entry. | |
| 119 | ||
| 120 | =item * | |
| 121 | ||
| 122 | C<unlok>: Unlocked an Authentication Database entry. | |
| 123 | ||
| 124 | =back | |
| 125 | ||
| 126 | =back | |
| 127 | ||
| 128 | The final line of output sums the number of entries. | |
| 129 | ||
| 130 | =head1 EXAMPLES | |
| 131 | ||
| 132 | The following example shows the output of the B<kdb> command in the Example | |
| 133 | Corporation cell (C<example.com>): | |
| 134 | ||
| 135 | % kdb | |
| 136 | Printing all entries found in /usr/afs/logs/AuthLog | |
| 137 | admin,krbtgt.EXAMPLE.COM:auth | |
| 138 | admin,afs:gtck | |
| 139 | admin:cruser | |
| 140 | admin:delu | |
| 141 | 4 entries were found | |
| 142 | ||
| 143 | =head1 PRIVILEGE REQUIRED | |
| 144 | ||
| 145 | The issuer must be logged in as the local superuser C<root>. | |
| 146 | ||
| 147 | =head1 SEE ALSO | |
| 148 | ||
| 149 | L<AuthLog.dir(5)>, | |
| 150 | L<bos_getlog(8)>, | |
| 151 | L<kaserver(8)> | |
| 152 | ||
| 153 | =head1 COPYRIGHT | |
| 154 | ||
| 155 | IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. | |
| 156 | ||
| 157 | This documentation is covered by the IBM Public License Version 1.0. It was | |
| 158 | converted from HTML to POD by software written by Chas Williams and Russ | |
| 159 | Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. |