kaserver.DB0, kaserver.DBSYS1 - The Authentication Database and associated log


The kaserver.DB0 file contains the Authentication Database, which records server encryption keys and an encrypted form of all user passwords. The Authentication Server (kaserver process) uses the information in the database to enable secured communications between AFS server and client processes.

The kaserver.DBSYS1 file is a log file in which the Authentication Server logs each database operation before performing it. When an operation is interrupted, the Authentication Server replays the log to complete the operation.

Both files are in binary format and reside in the /usr/afs/db directory on each of the cell's database server machines. When the Authentication Server starts or restarts on a given machine, it establishes a connection with its peers and verifies that its copy of the database matches the copy on the other database server machines. If not, the Authentication Servers call on AFS's distributed database technology, Ubik, to distribute to all of the machines the copy of the database with the highest version number.

Always use the commands in the kas suite to administer the Authentication Database. It is advisable to create an archive copy of the database on a regular basis, using a tool such as the UNIX tar command.


The Authentication Server is obsolete and is provided only for sites that need to use it while preparing for a migration to Kerberos KDC. It will be removed in a future version of OpenAFS.


kadb_check(8), kas(8), kaserver(8)


IBM Corporation 2000. <> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.