2005-12-08 12:14:33 +00:00
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
kdb - Displays log or privileged actions performed by the Authentication Server
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
2006-03-01 05:02:29 +00:00
|
|
|
=for html
|
|
|
|
<div class="synopsis">
|
|
|
|
|
|
|
|
B<kdb> S<<< [B<-dbmfile> <I<dbmfile to use (default /usr/afs/logs/AuthLog)>>] >>>
|
2013-07-27 04:10:16 +01:00
|
|
|
S<<< [B<-key> <I<extract entries that match specified key>>] >>>
|
|
|
|
[B<-long>] [B<-numeric>] [B<-help>]
|
2006-03-01 05:02:29 +00:00
|
|
|
|
|
|
|
=for html
|
|
|
|
</div>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
The B<kdb> command displays the contents of the F<AuthLog.dir> and
|
|
|
|
F<AuthLog.pag> files associated with the F<AuthLog> file that resides on
|
|
|
|
the local disk, by default in the F</usr/afs/logs> directory. The files
|
|
|
|
must exist in that directory, which normally implies that the
|
|
|
|
Authentication Server is running on the machine. The files contain
|
2010-05-27 22:40:21 +01:00
|
|
|
information on privileged actions performed by the obsolete Authentication
|
|
|
|
Server.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2005-12-09 14:48:56 +00:00
|
|
|
=head1 CAUTIONS
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2010-05-27 22:40:21 +01:00
|
|
|
The B<kdb> command is only used to read the log files from the obsolete
|
|
|
|
Authentication Server, which should no longer be used. It is provided for
|
|
|
|
sites that have not yet migrated to a Kerberos version 5 KDC. The
|
|
|
|
Authentication Server and supporting commands, including B<kdb>, will be
|
|
|
|
removed in a future version of OpenAFS.
|
|
|
|
|
2005-12-08 12:14:33 +00:00
|
|
|
It is possible that on some operating systems that AFS otherwise supports,
|
2005-12-13 19:21:13 +00:00
|
|
|
the Authentication Server cannot create the F</usr/afs/logs/AuthLog.dir>
|
2010-05-26 18:20:57 +01:00
|
|
|
and F</usr/afs/logs/AuthLog.pag> files, making this command inoperative.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=head1 OPTIONS
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
=item B<-dbmfile> <I<dbmfile to use>>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
Specifies the pathname of the file to display. Provide either a complete
|
|
|
|
pathname, a pathname relative to the F</usr/afs/logs> directory, or a
|
|
|
|
filename only, in which case the file must reside in the F</usr/afs/logs>
|
|
|
|
directory. Omit this argument to display information from the
|
|
|
|
F<AuthLog.dir> and F<AuthLog.pag> files in the F</usr/afs/logs> directory.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
=item B<-key> <I<extract entries that match specified key>>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
Specifies each entry to be displayed from the indicated file.
|
|
|
|
|
2013-07-27 04:10:16 +01:00
|
|
|
=item B<-long>
|
|
|
|
|
|
|
|
When printing all entries, print out detailed information for each entry.
|
|
|
|
|
|
|
|
=item B<-numeric>
|
|
|
|
|
|
|
|
Do not resolve IP addresses to hostnames, and instead print out numeric IP
|
|
|
|
addresses.
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
=item B<-help>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
Prints the online help for this command. All other valid options are
|
|
|
|
ignored.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 OUTPUT
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
The first line of output indicates the location of the files from which
|
|
|
|
the subsequent information is derived:
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
Printing all entries found in <file_location>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
Each entry then includes the following two fields, separated by a colon:
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
=item user/server
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
Identifies the user requesting the corresponding service and the server
|
2005-12-13 19:21:13 +00:00
|
|
|
that performed that service. In cases where no user is directly involved,
|
|
|
|
only the server appears; in cases where no server is directly involved,
|
|
|
|
only the user appears.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
=item service
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
Identifies one of the following actions or services performed by the user
|
2005-12-13 19:21:13 +00:00
|
|
|
or server process.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item *
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
C<auth>: Obtained a ticket-granting ticket.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=item *
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
C<chp>: Changed a user password.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=item *
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
C<cruser>: Created a user entry in the Authentication Database.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=item *
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
C<delu>: Deleted a user entry from the Authentication Database.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=item *
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
C<gtck>: Obtained a ticket other than a ticket-granting ticket.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=item *
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
C<setf>: Set fields in an Authentication Database entry.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=item *
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
C<unlok>: Unlocked an Authentication Database entry.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
The final line of output sums the number of entries.
|
|
|
|
|
|
|
|
=head1 EXAMPLES
|
|
|
|
|
doc: replace hostnames with IETF example hostnames
There were several different real and made-up hostnames and company names used
throughout our documentation examples.
The IETF has reserved "example.com" and other "example" TLDs for use in
examples (RFC 2606). Replace almost all references to ABC Corporation, DEF
Corporation, and State University, as well as "abc.com", "bigcell.com",
"def.com", "def.gov", "ghi.com", "ghi.gov", "jkl.com", "mit.edu",
"stanford.edu", "state.edu", "stateu.edu", "uncc.edu", and "xyz.com".
Standardize on "Example Corporation", "Example Network", "Example
Organization" (example.com, example.net, and example.org).
The Scout documentation in the Admin Guide contains PNG images that contain
the old cell names, so I left those references until the images can be
replaced.
Change-Id: I4e44815b2d2ffe204810b7fd850842248f67c367
Reviewed-on: http://gerrit.openafs.org/6697
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
2012-02-11 16:43:30 +00:00
|
|
|
The following example shows the output of the B<kdb> command in the Example
|
|
|
|
Corporation cell (C<example.com>):
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
% kdb
|
|
|
|
Printing all entries found in /usr/afs/logs/AuthLog
|
doc: replace hostnames with IETF example hostnames
There were several different real and made-up hostnames and company names used
throughout our documentation examples.
The IETF has reserved "example.com" and other "example" TLDs for use in
examples (RFC 2606). Replace almost all references to ABC Corporation, DEF
Corporation, and State University, as well as "abc.com", "bigcell.com",
"def.com", "def.gov", "ghi.com", "ghi.gov", "jkl.com", "mit.edu",
"stanford.edu", "state.edu", "stateu.edu", "uncc.edu", and "xyz.com".
Standardize on "Example Corporation", "Example Network", "Example
Organization" (example.com, example.net, and example.org).
The Scout documentation in the Admin Guide contains PNG images that contain
the old cell names, so I left those references until the images can be
replaced.
Change-Id: I4e44815b2d2ffe204810b7fd850842248f67c367
Reviewed-on: http://gerrit.openafs.org/6697
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
2012-02-11 16:43:30 +00:00
|
|
|
admin,krbtgt.EXAMPLE.COM:auth
|
2005-12-08 12:14:33 +00:00
|
|
|
admin,afs:gtck
|
|
|
|
admin:cruser
|
|
|
|
admin:delu
|
|
|
|
4 entries were found
|
|
|
|
|
|
|
|
=head1 PRIVILEGE REQUIRED
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
The issuer must be logged in as the local superuser C<root>.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
L<AuthLog.dir(5)>,
|
|
|
|
L<bos_getlog(8)>,
|
|
|
|
L<kaserver(8)>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
|
|
|
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
|
|
|
|
|
|
|
|
This documentation is covered by the IBM Public License Version 1.0. It was
|
|
|
|
converted from HTML to POD by software written by Chas Williams and Russ
|
|
|
|
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
|