(Report which Kerberos v5 principals are in use)
used-principals [-ch] [-p list [-k domain]] [log ...]
used-principals scans an MIT Kerberos KDC log and reports on which
principals were used successfully. "Used" for this program means that the
principal either successfully requested a ticket or a service ticket was
successfully requested for that principal. The provided log files may be
regular files, files ending in .gz or .bz2 (which will be uncompressed
with gzip or bzip2), or - (indicating standard input). If no log files are
given on the command line, log entries will be read from standard input.
All principals seen as active in the logs will be printed to standard output, one per line, unless the -p option was given. If -p was given, the logs will be scanned only for the principals listed in the file given as an argument to -p, and only principals from that file seen in the logs will be printed. This can be used to find which principals in a given set are active.
-c
Instead of printing only an active principal, print the principal, a space, and the number of times that principal was seen in the logs (as either obtaining a ticket or having a ticket obtained for it).
-h
Print out this documentation (which is done simply by feeding the script
to perldoc -t).
-k domain
Meaningful only when used with the -p option, this option says to
interpret the principals listed in that file as Kerberos v4 principal
names instead of Kerberos v5 principal names. They will be converted to
the corresponding Kerberos v5 principals before scanning the logs.
domain is the local domain to append to host-based Kerberos v4
principals (such as rcmd.system, which becomes host/system.domain).
-p list
Scan only for the principals listed in the file list and only report on principals found in that set.
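As an added illustration (not the used-principals script's own code), this Python example applies the definition of "used" given above to constructed KDC log lines. It assumes the usual MIT krb5kdc log line layout and counts the target principal only on TGS_REQ lines; the `only` and `counts` parameters are hypothetical stand-ins for -p and -c.

```python
import re
from collections import Counter

# Constructed sample lines in the usual MIT krb5kdc log layout (not real data).
SAMPLE_LOG = """\
Jan 01 12:00:00 kdc1 krb5kdc[811](info): AS_REQ (2 etypes {18 17}) 192.0.2.10: NEEDED_PREAUTH: alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Additional pre-authentication required
Jan 01 12:00:01 kdc1 krb5kdc[811](info): AS_REQ (2 etypes {18 17}) 192.0.2.10: ISSUE: authtime 1704110401, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Jan 01 12:00:02 kdc1 krb5kdc[811](info): TGS_REQ (2 etypes {18 17}) 192.0.2.10: ISSUE: authtime 1704110401, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.ORG for host/web.example.org@EXAMPLE.ORG
Jan 01 12:05:00 kdc1 krb5kdc[811](info): AS_REQ (2 etypes {18 17}) 192.0.2.44: CLIENT_NOT_FOUND: mallory@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Client not found in Kerberos database
Jan 01 12:06:00 kdc1 krb5kdc[811](info): TGS_REQ (2 etypes {18 17}) 192.0.2.10: ISSUE: authtime 1704110401, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.ORG for host/web.example.org@EXAMPLE.ORG
"""

# Assumed layout: "<REQ> (<etypes>) <addr>: ISSUE: ..., <client> for <service>"
ISSUE_RE = re.compile(r"\b(AS_REQ|TGS_REQ) \(.*?\) \S+: ISSUE: .*?, (\S+) for (\S+)")

def used_principals(lines, only=None):
    """Count principals seen on successful (ISSUE) requests; `only` restricts the set."""
    seen = Counter()
    for line in lines:
        m = ISSUE_RE.search(line)
        if not m:
            continue  # NEEDED_PREAUTH, CLIENT_NOT_FOUND, etc. are not successful use
        req, client, service = m.groups()
        # Assumption: the client counts on any ISSUE, the target only on TGS_REQ.
        hits = [client] + ([service.rstrip(",")] if req == "TGS_REQ" else [])
        for principal in hits:
            if only is None or principal in only:
                seen[principal] += 1
    return seen

def report(seen, counts=False):
    """Return output lines: the principal alone, or 'principal count' when counts is set."""
    return [f"{p} {n}" if counts else p for p, n in sorted(seen.items())]

if __name__ == "__main__":
    print("\n".join(report(used_principals(SAMPLE_LOG.splitlines()), counts=True)))
```

Principals that appear only in failed requests, such as mallory@EXAMPLE.ORG in the sample, are never reported.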
The -4 option was implemented for reporting around a specific transition at Stanford University and uses a hard-coded list of Kerberos v4 principals that should be considered host-based. It also makes other assumptions that could be specific to that one use. Using it for other purposes may require some tweaking.
Russ Allbery <eagle@eyrie.org>