3 kdb - Displays log or privileged actions performed by the Authentication Server
10 B<kdb> S<<< [B<-dbmfile> <I<dbmfile to use (default /usr/afs/logs/AuthLog)>>] >>>
11 S<<< [B<-key> <I<extract entries that match specified key>>] >>>
12 [B<-long>] [B<-numeric>] [B<-help>]
19 The B<kdb> command displays the contents of the F<AuthLog.dir> and
20 F<AuthLog.pag> files associated with the F<AuthLog> file that resides on
21 the local disk, by default in the F</usr/afs/logs> directory. The files
22 must exist in that directory, which normally implies that the
23 Authentication Server is running on the machine. The files contain
24 information on privileged actions performed by the obsolete Authentication
29 The B<kdb> command is only used to read the log files from the obsolete
30 Authentication Server, which should no longer be used. It is provided for
31 sites that have not yet migrated to a Kerberos version 5 KDC. The
32 Authentication Server and supporting commands, including B<kdb>, will be
33 removed in a future version of OpenAFS.
35 It is possible that on some operating systems that AFS otherwise supports,
36 the Authentication Server cannot create the F</usr/afs/logs/AuthLog.dir>
37 and F</usr/afs/logs/AuthLog.pag> files, making this command inoperative.
43 =item B<-dbmfile> <I<dbmfile to use>>
45 Specifies the pathname of the file to display. Provide either a complete
46 pathname, a pathname relative to the F</usr/afs/logs> directory, or a
47 filename only, in which case the file must reside in the F</usr/afs/logs>
48 directory. Omit this argument to display information from the
49 F<AuthLog.dir> and F<AuthLog.pag> files in the F</usr/afs/logs> directory.
51 =item B<-key> <I<extract entries that match specified key>>
53 Specifies each entry to be displayed from the indicated file.
57 When printing all entries, print out detailed information for each entry.
61 Do not resolve IP addresses to hostnames, and instead print out numeric IP
66 Prints the online help for this command. All other valid options are
73 The first line of output indicates the location of the files from which
74 the subsequent information is derived:
76 Printing all entries found in <file_location>
78 Each entry then includes the following two fields, separated by a colon:
84 Identifies the user requesting the corresponding service and the server
85 that performed that service. In cases where no user is directly involved,
86 only the server appears; in cases where no server is directly involved,
87 only the user appears.
91 Identifies one of the following actions or services performed by the user
98 C<auth>: Obtained a ticket-granting ticket.
102 C<chp>: Changed a user password.
106 C<cruser>: Created a user entry in the Authentication Database.
110 C<delu>: Deleted a user entry from the Authentication Database.
114 C<gtck>: Obtained a ticket other than a ticket-granting ticket.
118 C<setf>: Set fields in an Authentication Database entry.
122 C<unlok>: Unlocked an Authentication Database entry.
128 The final line of output sums the number of entries.
132 The following example shows the output of the B<kdb> command in the Example
133 Corporation cell (C<example.com>):
136 Printing all entries found in /usr/afs/logs/AuthLog
137 admin,krbtgt.EXAMPLE.COM:auth
143 =head1 PRIVILEGE REQUIRED
145 The issuer must be logged in as the local superuser C<root>.
155 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
157 This documentation is covered by the IBM Public License Version 1.0. It was
158 converted from HTML to POD by software written by Chas Williams and Russ
159 Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.