3 bos listkeys - Displays the server encryption keys from the
4 B</usr/afs/etc/KeyFile> file
8 B<bos listkeys -server> <I<machine name>> [B<-showkey>] [-cell <I<cell name>>]
9 [B<-noauth>] [B<-localauth>] [B<-help>]
11 B<bos listk -se> <I<machine name>> [B<-sh>] [B<-c> <I<cell name>>] [B<-n>] [B<-l>] [-h]
15 The bos listkeys command formats and displays the list of server
16 encryption keys from the B</usr/afs/etc/KeyFile> file on the server
17 machine named by the B<-server> argument.
19 To edit the list of keys, use the B<bos addkey> and bos
24 Displaying actual keys on the standard output stream (by including the
25 B<-showkey> flag) is a security exposure. Displaying a checksum
26 is sufficient for most purposes.
35 Indicates the server machine from which to display the KeyFile
36 file. Identify the machine by IP address or its host name (either
37 fully-qualified or abbreviated unambiguously). For details, see the
38 introductory reference page for the B<bos> command suite.
40 For consistent performance in the cell, the output must be the same on
41 every server machine. The B<bos addkey> reference page explains
42 how to keep the machines synchronized.
47 Displays the octal digits that constitute each key.
52 Names the cell in which to run the command. Do not combine this
53 argument with the B<-localauth> flag. For more details, see the
54 introductory B<bos> reference page.
59 Assigns the unprivileged identity anonymous to the
60 issuer. Do not combine this flag with the B<-localauth>
61 flag. For more details, see the introductory B<bos> reference
67 Constructs a server ticket using a key from the local
68 B</usr/afs/etc/KeyFile> file. The B<bos> command
69 interpreter presents the ticket to the BOS Server during mutual
70 authentication. Do not combine this flag with the B<-cell> or
71 B<-noauth> options. For more details, see the introductory
72 B<bos> reference page.
76 Prints the online help for this command. All other valid options
83 The output includes one line for each server encryption key listed in the
84 B<KeyFile> file, identified by its key version number.
86 If the -showkey flag is included, the output displays the actual
87 string of eight octal numbers that constitute the key. Each octal
88 number is a backslash and three decimal digits.
90 If the -showkey flag is not included, the output represents each
91 key as a checksum, which is a decimal number derived by encrypting a constant
94 Following the list of keys or checksums, the string C<Keys last
95 changed> indicates when a key was last added to the B<KeyFile>
96 file. The words C<All done> indicate the end of the
99 For mutual authentication to work properly, the output from the command
100 B<kas examine afs> must match the key or checksum with the same key
101 version number in the output from this command.
105 The following example shows the checksums for the keys stored in the
106 B<KeyFile> file on the machine
109 % bos listkeys fs3.abc.com
110 key 1 has cksum 972037177
111 key 3 has cksum 2825175022
112 key 4 has cksum 260617746
113 key 6 has cksum 4178774593
114 Keys last changed on Mon Apr 12 11:24:46 1999.
117 The following example shows the actual keys from the KeyFile
118 file on the machine B<fs6.abc.com>.
120 % bos listkeys fs6.abc.com -showkey
121 key 0 is '\040\205\211\241\345\002\023\211'
122 key 1 is '\343\315\307\227\255\320\135\244'
123 key 2 is '\310\310\255\253\326\236\261\211'
124 Keys last changed on Wed Mar 31 11:24:46 1999.
127 =head1 PRIVILEGE REQUIRED
129 The issuer must be listed in the /usr/afs/etc/UserList file on
130 the machine named by the B<-server> argument, or must be logged onto a
131 server machine as the local superuser B<root> if the
132 B<-localauth> flag is included.
145 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
147 This documentation is covered by the IBM Public License Version 1.0. It was
148 converted from HTML to POD by software written by Chas Williams and Russ
149 Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.