xref: /titanic_50/usr/src/man/man1m/kproplog.1m (revision 372a60c34a6075464eaab2e7e079cbbc781f9215)
te
Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
KPROPLOG 1M "Oct 29, 2015"
NAME
kproplog - display the contents of the Kerberos principal update log
SYNOPSIS

/usr/sbin/kproplog [-h | -e num]
DESCRIPTION

The kproplog displays the contents of the Kerberos principal update log to standard output. This command can be used to keep track of the incremental updates to the principal database, which is enabled by default. The /var/krb5/principal.ulog file contains the update log maintained by the kadmind(1M) process on the master KDC server and the kpropd(1M) process on the slave KDC servers. When updates occur, they are logged to this file. Subsequently any KDC slave configured for incremental updates will request the current data from the master KDC and update their principal.ulog file with any updates returned.

The kproplog command can only be run on a KDC server by someone with privileges comparable to the superuser. It will display update entries for that server only.

If no options are specified, the summary of the update log is displayed. If invoked on the master, all of the update entries are also displayed. When invoked on a slave KDC server, only a summary of the updates are displayed, which includes the serial number of the last update received and the associated time stamp of the last update.

OPTIONS

The following options are supported: -h

Display a summary of the update log. This information includes the database version number, state of the database, the number of updates in the log, the time stamp of the first and last update, and the version number of the first and last update entry.

-e num

Display the last num update entries in the log. This is useful when debugging synchronization between KDC servers.

-v

Display individual attributes per update. An example of the output generated for one entry:

Update Entry
 Update serial # : 4
 Update operation : Add
 Update principal : test@EXAMPLE.COM
 Update size : 424
 Update committed : True
 Update time stamp : Fri Feb 20 23:37:42 2004
 Attributes changed : 6
 Principal
 Key data
 Password last changed
 Modifying principal
 Modification time
 TL data
FILES
/var/krb5/principal.ulog

The update log file for incremental propagation.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
SEE ALSO

kpasswd(1), kadmin(1M), kadmind(1M), kdb5_util(1M), kprop(1M), kpropd(1M), kadm5.acl(4), kdc.conf(4), attributes(5), kerberos(5)