NAME

kas_examine - Displays information from an Authentication Database entry

SYNOPSIS

kas examine -name <name of user> [-showkey] [-admin_username <admin principal to use for authentication>] [-password_for_admin <admin password>] [-cell <cell name>] [-servers <explicit list of authentication servers>+] [-noauth] [-help]

kas e -na <name of user> [-sh] [-a <admin principal to use for authentication>] [-p <admin password>] [-c <cell name>] [-se <explicit list of authentication servers>+] [-no] [-h]

DESCRIPTION

The kas examine command formats and displays information from the Authentication Database entry of the user named by the -name argument.

To alter the settings displayed with this command, issue the kas setfields command.

CAUTIONS

Displaying actual keys on the standard output stream by including the -showkey flag constitutes a security exposure. For most purposes, it is sufficient to display a checksum.

OPTIONS

-name <name of user>

Names the Authentication Database entry from which to display information.

-showkey

Displays the octal digits that constitute the key. The issuer must have the ADMIN flag on his or her Authentication Database entry.

-admin_username <admin principal>

Specifies the user identity under which to authenticate with the Authentication Server for execution of the command. For more details, see kas(8).

-password_for_admin <admin password>

Specifies the password of the command's issuer. If it is omitted (as recommended), the kas command interpreter prompts for it and does not echo it visibly. For more details, see kas(8).

-cell <cell name>

Names the cell in which to run the command. For more details, see kas(8).

-servers <authentication servers>+

Names each machine running an Authentication Server with which to establish a connection. For more details, see kas(8).

-noauth

Assigns the unprivileged identity anonymous to the issuer. For more details, see kas(8).

-help

Prints the online help for this command. All other valid options are ignored.

OUTPUT

The output includes:

EXAMPLES

The following example command shows the user smith displaying her own Authentication Database entry. Note the ADMIN flag, which shows that smith is privileged.

   % kas examine smith
   Password for smith:
   User data for smith (ADMIN)
    key (0) cksum is 3414844392,  last cpw: Thu Mar 25 16:05:44 1999
    password will expire:  Fri Apr 30 20:44:36 1999
    5 consecutive unsuccessful authentications are permitted.
    The lock time for this user is 25.5 minutes.
    User is not locked.
    entry never expires. Max ticket lifetime 100.00 hours.
    last mod on Tue Jan 5 08:22:29 1999 by admin
    permit password reuse

In the following example, the user pat examines his Authentication Database entry to determine when the account lockout currently in effect will end.

   % kas examine pat
   Password for pat:
   User data for pat
    key (0) cksum is 73829292912,  last cpw: Wed Apr 7 11:23:01 1999
    password will expire:  Fri  Jun 11 11:23:01 1999
    5 consecutive unsuccessful authentications are permitted.
    The lock time for this user is 25.5 minutes.
    User is locked until Tue Sep 21 12:25:07 1999
    entry expires on never. Max ticket lifetime 100.00 hours.
    last mod on Thu Feb 4 08:22:29 1999 by admin
    permit password reuse

In the following example, an administrator logged in as admin uses the -showkey flag to display the octal digits that constitute the key in the afs entry.

   % kas examine -name afs -showkey
   Password for admin: I<admin_password>
   User data for afs
    key (12): \357\253\304\352\234\236\253\352, last cpw: no date
    entry never expires. Max ticket lifetime 100.00 hours.
    last mod on Thu Mar 25 14:53:29 1999 by admin
    permit password reuse

PRIVILEGE REQUIRED

A user can examine his or her own entry. To examine others' entries or to include the -showkey flag, the issuer must have the ADMIN flag set in his or her Authentication Database entry.

SEE ALSO

bos_addkey(8), bos_listkeys(8), bos_setauth(8), kas(8), kas_setfields(8), kas_setpassword(8), kas_unlock(8), klog(1), kpasswd(1)

COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.