| 1 | =head1 NAME |
| 2 | |
| 3 | kdb - Displays log or privileged actions performed by the Authentication Server |
| 4 | |
| 5 | =head1 SYNOPSIS |
| 6 | |
| 7 | =for html |
| 8 | <div class="synopsis"> |
| 9 | |
| 10 | B<kdb> S<<< [B<-dbmfile> <I<dbmfile to use (default /usr/afs/logs/AuthLog)>>] >>> |
| 11 | S<<< [B<-key> <I<extract entries that match specified key>>] >>> |
| 12 | [B<-long>] [B<-numeric>] [B<-help>] |
| 13 | |
| 14 | =for html |
| 15 | </div> |
| 16 | |
| 17 | =head1 DESCRIPTION |
| 18 | |
| 19 | The B<kdb> command displays the contents of the F<AuthLog.dir> and |
| 20 | F<AuthLog.pag> files associated with the F<AuthLog> file that resides on |
| 21 | the local disk, by default in the F</usr/afs/logs> directory. The files |
| 22 | must exist in that directory, which normally implies that the |
| 23 | Authentication Server is running on the machine. The files contain |
| 24 | information on privileged actions performed by the obsolete Authentication |
| 25 | Server. |
| 26 | |
| 27 | =head1 CAUTIONS |
| 28 | |
| 29 | The B<kdb> command is only used to read the log files from the obsolete |
| 30 | Authentication Server, which should no longer be used. It is provided for |
| 31 | sites that have not yet migrated to a Kerberos version 5 KDC. The |
| 32 | Authentication Server and supporting commands, including B<kdb>, will be |
| 33 | removed in a future version of OpenAFS. |
| 34 | |
| 35 | It is possible that on some operating systems that AFS otherwise supports, |
| 36 | the Authentication Server cannot create the F</usr/afs/logs/AuthLog.dir> |
| 37 | and F</usr/afs/logs/AuthLog.pag> files, making this command inoperative. |
| 38 | |
| 39 | =head1 OPTIONS |
| 40 | |
| 41 | =over 4 |
| 42 | |
| 43 | =item B<-dbmfile> <I<dbmfile to use>> |
| 44 | |
| 45 | Specifies the pathname of the file to display. Provide either a complete |
| 46 | pathname, a pathname relative to the F</usr/afs/logs> directory, or a |
| 47 | filename only, in which case the file must reside in the F</usr/afs/logs> |
| 48 | directory. Omit this argument to display information from the |
| 49 | F<AuthLog.dir> and F<AuthLog.pag> files in the F</usr/afs/logs> directory. |
| 50 | |
| 51 | =item B<-key> <I<extract entries that match specified key>> |
| 52 | |
| 53 | Specifies each entry to be displayed from the indicated file. |
| 54 | |
| 55 | =item B<-long> |
| 56 | |
| 57 | When printing all entries, print out detailed information for each entry. |
| 58 | |
| 59 | =item B<-numeric> |
| 60 | |
| 61 | Do not resolve IP addresses to hostnames, and instead print out numeric IP |
| 62 | addresses. |
| 63 | |
| 64 | =item B<-help> |
| 65 | |
| 66 | Prints the online help for this command. All other valid options are |
| 67 | ignored. |
| 68 | |
| 69 | =back |
| 70 | |
| 71 | =head1 OUTPUT |
| 72 | |
| 73 | The first line of output indicates the location of the files from which |
| 74 | the subsequent information is derived: |
| 75 | |
| 76 | Printing all entries found in <file_location> |
| 77 | |
| 78 | Each entry then includes the following two fields, separated by a colon: |
| 79 | |
| 80 | =over 4 |
| 81 | |
| 82 | =item user/server |
| 83 | |
| 84 | Identifies the user requesting the corresponding service and the server |
| 85 | that performed that service. In cases where no user is directly involved, |
| 86 | only the server appears; in cases where no server is directly involved, |
| 87 | only the user appears. |
| 88 | |
| 89 | =item service |
| 90 | |
| 91 | Identifies one of the following actions or services performed by the user |
| 92 | or server process. |
| 93 | |
| 94 | =over 4 |
| 95 | |
| 96 | =item * |
| 97 | |
| 98 | C<auth>: Obtained a ticket-granting ticket. |
| 99 | |
| 100 | =item * |
| 101 | |
| 102 | C<chp>: Changed a user password. |
| 103 | |
| 104 | =item * |
| 105 | |
| 106 | C<cruser>: Created a user entry in the Authentication Database. |
| 107 | |
| 108 | =item * |
| 109 | |
| 110 | C<delu>: Deleted a user entry from the Authentication Database. |
| 111 | |
| 112 | =item * |
| 113 | |
| 114 | C<gtck>: Obtained a ticket other than a ticket-granting ticket. |
| 115 | |
| 116 | =item * |
| 117 | |
| 118 | C<setf>: Set fields in an Authentication Database entry. |
| 119 | |
| 120 | =item * |
| 121 | |
| 122 | C<unlok>: Unlocked an Authentication Database entry. |
| 123 | |
| 124 | =back |
| 125 | |
| 126 | =back |
| 127 | |
| 128 | The final line of output sums the number of entries. |
| 129 | |
| 130 | =head1 EXAMPLES |
| 131 | |
| 132 | The following example shows the output of the B<kdb> command in the Example |
| 133 | Corporation cell (C<example.com>): |
| 134 | |
| 135 | % kdb |
| 136 | Printing all entries found in /usr/afs/logs/AuthLog |
| 137 | admin,krbtgt.EXAMPLE.COM:auth |
| 138 | admin,afs:gtck |
| 139 | admin:cruser |
| 140 | admin:delu |
| 141 | 4 entries were found |
| 142 | |
| 143 | =head1 PRIVILEGE REQUIRED |
| 144 | |
| 145 | The issuer must be logged in as the local superuser C<root>. |
| 146 | |
| 147 | =head1 SEE ALSO |
| 148 | |
| 149 | L<AuthLog.dir(5)>, |
| 150 | L<bos_getlog(8)>, |
| 151 | L<kaserver(8)> |
| 152 | |
| 153 | =head1 COPYRIGHT |
| 154 | |
| 155 | IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. |
| 156 | |
| 157 | This documentation is covered by the IBM Public License Version 1.0. It was |
| 158 | converted from HTML to POD by software written by Chas Williams and Russ |
| 159 | Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. |