doc/xml/AdminReference/sect8/kdb.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2 <refentry id="kdb8">
   3   <refmeta>
   4     <refentrytitle>kdb</refentrytitle>
   5     <manvolnum>8</manvolnum>
   6   </refmeta>
   7   <refnamediv>
   8     <refname>kdb</refname>
   9     <refpurpose>Displays log or privileged actions performed by the Authentication Server</refpurpose>
  10   </refnamediv>
  11   <refsect1>
  12     <title>Synopsis</title>
  13     <para><emphasis role="bold">kdb</emphasis> [<emphasis role="bold">-dbmfile</emphasis> &lt;<emphasis>dbmfile to use (default /usr/afs/logs/AuthLog)</emphasis>&gt;]
  14         [<emphasis role="bold">-key</emphasis> &lt;<emphasis>extract entries that match specified key</emphasis>&gt;] [<emphasis role="bold">-help</emphasis>]</para>
  15
  16   </refsect1>
  17   <refsect1>
  18     <title>Description</title>
  19     <para>The <emphasis role="bold">kdb</emphasis> command displays the contents of the <replaceable>AuthLog.dir</replaceable> and
  20     <replaceable>AuthLog.pag</replaceable> files associated with the <replaceable>AuthLog</replaceable> file that resides on
  21     the local disk, by default in the <replaceable>/usr/afs/logs</replaceable> directory. The files
  22     must exist in that directory, which normally implies that the
  23     Authentication Server is running on the machine. The files contain
  24     information on privileged actions performed by the Authentication Server.</para>
  25
  26   </refsect1>
  27   <refsect1>
  28     <title>Cautions</title>
  29     <para>It is possible that on some operating systems that AFS otherwise supports,
  30     the Authentication Server cannot create the <replaceable>/usr/afs/logs/AuthLog.dir</replaceable>
  31     and <replaceable>/usr/afs/logs/AuthLog.pag</replaceable> files, making this command
  32     inoperative. See the <emphasis>IBM AFS Release Notes</emphasis> for details.</para>
  33
  34   </refsect1>
  35   <refsect1>
  36     <title>Options</title>
  37     <variablelist>
  38       <varlistentry>
  39         <term><emphasis role="bold">-dbmfile</emphasis> &lt;<emphasis>dbmfile to use</emphasis>&gt;</term>
  40         <listitem>
  41           <para>Specifies the pathname of the file to display. Provide either a complete
  42           pathname, a pathname relative to the <replaceable>/usr/afs/logs</replaceable> directory, or a
  43           filename only, in which case the file must reside in the <replaceable>/usr/afs/logs</replaceable>
  44           directory. Omit this argument to display information from the
  45           <replaceable>AuthLog.dir</replaceable> and <replaceable>AuthLog.pag</replaceable> files in the <replaceable>/usr/afs/logs</replaceable> directory.</para>
  46
  47         </listitem>
  48       </varlistentry>
  49       <varlistentry>
  50         <term><emphasis role="bold">-key</emphasis> &lt;<emphasis>extract entries that match specified key</emphasis>&gt;</term>
  51         <listitem>
  52           <para>Specifies each entry to be displayed from the indicated file.</para>
  53
  54         </listitem>
  55       </varlistentry>
  56       <varlistentry>
  57         <term><emphasis role="bold">-help</emphasis></term>
  58         <listitem>
  59           <para>Prints the online help for this command. All other valid options are
  60           ignored.</para>
  61
  62         </listitem>
  63       </varlistentry>
  64     </variablelist>
  65   </refsect1>
  66   <refsect1>
  67     <title>Output</title>
  68     <para>The first line of output indicates the location of the files from which
  69     the subsequent information is derived:</para>
  70
  71 <programlisting>
  72    Printing all entries found in &amp;lt;file_location&amp;gt;
  73
  74 </programlisting>
  75       <para>Each entry then includes the following two fields, separated by a colon:</para>
  76
  77       <variablelist>
  78         <varlistentry>
  79           <term>user/server</term>
  80           <listitem>
  81             <para>Identifies the user requesting the corresponding service and the server
  82             that performed that service. In cases where no user is directly involved,
  83             only the server appears; in cases where no server is directly involved,
  84             only the user appears.</para>
  85
  86           </listitem>
  87         </varlistentry>
  88         <varlistentry>
  89           <term>service</term>
  90           <listitem>
  91             <para>Identifies one of the following actions or services performed by the user
  92             or server process.</para>
  93
  94             <itemizedlist>
  95               <listitem>
  96                 <para><computeroutput>auth</computeroutput>: Obtained a ticket-granting ticket.</para>
  97
  98               </listitem>
  99               <listitem>
 100                 <para><computeroutput>chp</computeroutput>: Changed a user password.</para>
 101
 102               </listitem>
 103               <listitem>
 104                 <para><computeroutput>cruser</computeroutput>: Created a user entry in the Authentication Database.</para>
 105
 106               </listitem>
 107               <listitem>
 108                 <para><computeroutput>delu</computeroutput>: Deleted a user entry from the Authentication Database.</para>
 109
 110               </listitem>
 111               <listitem>
 112                 <para><computeroutput>gtck</computeroutput>: Obtained a ticket other than a ticket-granting ticket.</para>
 113
 114               </listitem>
 115               <listitem>
 116                 <para><computeroutput>setf</computeroutput>: Set fields in an Authentication Database entry.</para>
 117
 118               </listitem>
 119               <listitem>
 120                 <para><computeroutput>unlok</computeroutput>: Unlocked an Authentication Database entry.</para>
 121
 122               </listitem>
 123             </itemizedlist>
 124           </listitem>
 125         </varlistentry>
 126       </variablelist>
 127       <para>The final line of output sums the number of entries.</para>
 128
 129     </refsect1>
 130     <refsect1>
 131       <title>Examples</title>
 132       <para>The following example shows the output of the <emphasis role="bold">kdb</emphasis> command in the ABC
 133       Corporation cell (<computeroutput>abc.com</computeroutput>):</para>
 134
 135 <programlisting>
 136    % kdb
 137    Printing all entries found in /usr/afs/logs/AuthLog
 138    admin,krbtgt.ABC.COM:auth
 139    admin,afs:gtck
 140    admin:cruser
 141    admin:delu
 142    4 entries were found
 143
 144 </programlisting>
 145       </refsect1>
 146       <refsect1>
 147         <title>Privilege Required</title>
 148         <para>The issuer must be logged in as the local superuser <computeroutput>root</computeroutput>.</para>
 149
 150       </refsect1>
 151       <refsect1>
 152         <title>See Also</title>
 153         <para><link linkend="AuthLog_dir5">AuthLog.dir(5)</link>,
 154         <link linkend="bos_getlog8">bos_getlog(8)</link>,
 155         <link linkend="kaserver8">kaserver(8)</link></para>
 156
 157       </refsect1>
 158       <refsect1>
 159         <title>Copyright</title>
 160         <para>IBM Corporation 2000. &lt;http://www.ibm.com/&gt; All Rights Reserved.</para>
 161
 162         <para>This documentation is covered by the IBM Public License Version 1.0.  It was
 163         converted from HTML to POD by software written by Chas Williams and Russ
 164         Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.</para>
 165
 166       </refsect1>
 167     </refentry>