jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-19 07:20:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2cba414c1
openafs/doc/man-pages/pod8/kdb.pod
Russ Allbery af1dbcf0c9 Add warnings for Authentication Server commands 
For each command only useful with the Authentication Server, add
warnings that the Authentication Server is obsolete and will be
removed in a future version of OpenAFS.  Encourage people who care
to update uss to work with a modern Kerberos KDC, recommend kinit
and aklog or klog.krb5 over klog, and warn that klog will be of
limited use without an Authentication Server.

Change-Id: Idc78ba548134b83ac1eea0fb81a5bc38a431bb38
Reviewed-on: http://gerrit.openafs.org/2052
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
2010-05-31 20:40:58 -07:00

150 lines
3.8 KiB
Plaintext
Raw Blame History

=head1 NAME
kdb - Displays log or privileged actions performed by the Authentication Server
=head1 SYNOPSIS
=for html
<div class="synopsis">
B<kdb> S<<< [B<-dbmfile> <I<dbmfile to use (default /usr/afs/logs/AuthLog)>>] >>>
S<<< [B<-key> <I<extract entries that match specified key>>] >>> [B<-help>]
=for html
</div>
=head1 DESCRIPTION
The B<kdb> command displays the contents of the F<AuthLog.dir> and
F<AuthLog.pag> files associated with the F<AuthLog> file that resides on
the local disk, by default in the F</usr/afs/logs> directory. The files
must exist in that directory, which normally implies that the
Authentication Server is running on the machine. The files contain
information on privileged actions performed by the obsolete Authentication
Server.
=head1 CAUTIONS
The B<kdb> command is only used to read the log files from the obsolete
Authentication Server, which should no longer be used. It is provided for
sites that have not yet migrated to a Kerberos version 5 KDC. The
Authentication Server and supporting commands, including B<kdb>, will be
removed in a future version of OpenAFS.
It is possible that on some operating systems that AFS otherwise supports,
the Authentication Server cannot create the F</usr/afs/logs/AuthLog.dir>
and F</usr/afs/logs/AuthLog.pag> files, making this command inoperative.
=head1 OPTIONS
=over 4
=item B<-dbmfile> <I<dbmfile to use>>
Specifies the pathname of the file to display. Provide either a complete
pathname, a pathname relative to the F</usr/afs/logs> directory, or a
filename only, in which case the file must reside in the F</usr/afs/logs>
directory. Omit this argument to display information from the
F<AuthLog.dir> and F<AuthLog.pag> files in the F</usr/afs/logs> directory.
=item B<-key> <I<extract entries that match specified key>>
Specifies each entry to be displayed from the indicated file.
=item B<-help>
Prints the online help for this command. All other valid options are
ignored.
=back
=head1 OUTPUT
The first line of output indicates the location of the files from which
the subsequent information is derived:
Printing all entries found in <file_location>
Each entry then includes the following two fields, separated by a colon:
=over 4
=item user/server
Identifies the user requesting the corresponding service and the server
that performed that service. In cases where no user is directly involved,
only the server appears; in cases where no server is directly involved,
only the user appears.
=item service
Identifies one of the following actions or services performed by the user
or server process.
=over 4
=item *
C<auth>: Obtained a ticket-granting ticket.
=item *
C<chp>: Changed a user password.
=item *
C<cruser>: Created a user entry in the Authentication Database.
=item *
C<delu>: Deleted a user entry from the Authentication Database.
=item *
C<gtck>: Obtained a ticket other than a ticket-granting ticket.
=item *
C<setf>: Set fields in an Authentication Database entry.
=item *
C<unlok>: Unlocked an Authentication Database entry.
=back
=back
The final line of output sums the number of entries.
=head1 EXAMPLES
The following example shows the output of the B<kdb> command in the ABC
Corporation cell (C<abc.com>):
% kdb
Printing all entries found in /usr/afs/logs/AuthLog
admin,krbtgt.ABC.COM:auth
admin,afs:gtck
admin:cruser
admin:delu
4 entries were found
=head1 PRIVILEGE REQUIRED
The issuer must be logged in as the local superuser C<root>.
=head1 SEE ALSO
L<AuthLog.dir(5)>,
L<bos_getlog(8)>,
L<kaserver(8)>
=head1 COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Reference in New Issue View Git Blame Copy Permalink