NAME

kdb - Displays log or privileged actions performed by the Authentication Server

SYNOPSIS

kdb [-dbmfile <dbmfile to use (default /usr/afs/logs/AuthLog)>] [-key <extract entries that match specified key>] [-long] [-numeric] [-help]

DESCRIPTION

The kdb command displays the contents of the AuthLog.dir and AuthLog.pag files associated with the AuthLog file that resides on the local disk, by default in the /usr/afs/logs directory. The files must exist in that directory, which normally implies that the Authentication Server is running on the machine. The files contain information on privileged actions performed by the obsolete Authentication Server.

CAUTIONS

The kdb command is only used to read the log files from the obsolete Authentication Server, which should no longer be used. It is provided for sites that have not yet migrated to a Kerberos version 5 KDC. The Authentication Server and supporting commands, including kdb, will be removed in a future version of OpenAFS.

It is possible that on some operating systems that AFS otherwise supports, the Authentication Server cannot create the /usr/afs/logs/AuthLog.dir and /usr/afs/logs/AuthLog.pag files, making this command inoperative.

OPTIONS

-dbmfile <dbmfile to use>

Specifies the pathname of the file to display. Provide either a complete pathname, a pathname relative to the /usr/afs/logs directory, or a filename only, in which case the file must reside in the /usr/afs/logs directory. Omit this argument to display information from the AuthLog.dir and AuthLog.pag files in the /usr/afs/logs directory.

-key <extract entries that match specified key>

Specifies each entry to be displayed from the indicated file.

-long

When printing all entries, print out detailed information for each entry.

-numeric

Do not resolve IP addresses to hostnames, and instead print out numeric IP addresses.

-help

Prints the online help for this command. All other valid options are ignored.

OUTPUT

The first line of output indicates the location of the files from which the subsequent information is derived:

   Printing all entries found in <file_location>

Each entry then includes the following two fields, separated by a colon:

user/server

Identifies the user requesting the corresponding service and the server that performed that service. In cases where no user is directly involved, only the server appears; in cases where no server is directly involved, only the user appears.

service

Identifies one of the following actions or services performed by the user or server process.

The final line of output sums the number of entries.

EXAMPLES

The following example shows the output of the kdb command in the Example Corporation cell (example.com):

   % kdb
   Printing all entries found in /usr/afs/logs/AuthLog
   admin,krbtgt.EXAMPLE.COM:auth
   admin,afs:gtck
   admin:cruser
   admin:delu
   4 entries were found

PRIVILEGE REQUIRED

The issuer must be logged in as the local superuser root.

SEE ALSO

AuthLog.dir(5), bos_getlog(8), kaserver(8)

COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.