krb_dbase(5krb)krb_dbase(5krb)Namekrb_dbase - ASCII version of the Kerberos database
Description
All of the Kerberos tools, including the daemon, access a version of
the Kerberos database that is stored in an file. See the reference
page for more information. Files in format are not user readable. To
examine the Kerberos database, it is necessary to convert the database
into an ASCII-formatted file with A file in format is an ASCII-format‐
ted version of the Kerberos database.
Each line in a file lists the attributes associated with a single Ker‐
beros principal. The following list describes the fields as they
appear from left to right in a file. A blank entry in the database is
indicated by an asterisk (*).
Kerberos primary name: The primary name is the first part of the prin‐
cipal name that the line describes. It is usually equivalent to the
name of the application or user that is associated with the princi‐
pal.
Kerberos instance name: The instance name is the second section of the
principal name that the line describes. It is usually equivalent to
the name of the machine on which an application runs. If the primary
name references a user, the instance name is blank.
Maximum ticket lifetime: The third entry is the maximum lifetime of a
ticket produced for the principal by the ticket-granting service. The
number stored in the file indicates the number of 5-minute intervals
for which the ticket is valid. For example, if the maximum ticket
lifetime of a principal is 10, any ticket that the principal acquires
from the ticket-granting service will expire in a maximum of 50 min‐
utes. The maximum ticket lifetime corresponds to a value of 255 (21
hours and 15 minutes).
Kerberos database key version: The master key of the Kerberos database
is used to encrypt sections of the Kerberos database. This master key
can be changed. The fourth entry is the version number associated with
the master key of the Kerberos database.
Principal key version: The key associated with the principal can also
change. The fifth field records the version number of the key associ‐
ated with the principal.
Attributes: The attributes field is not currently used by the ULTRIX
implementation of Kerberos. It should always be zero.
Key of the principal: The key of the principal is stored in the seventh
and eighth fields. It is encrypted with the master database key.
Expiration time: The date on which the principal's entry in the Ker‐
beros database will expire is stored in the ninth field. The first
four digits of the date indicate the year in which the entry will
expire. The next two digits indicate the month, the seventh and eighth
digits indicate the day, and the last four digits indicate the hour and
minute at which the entry will expire. For example, an entry of the
form 198909171755 indicates that the principal's entry will expire on
September 17, 1989 at 5:55 in the afternoon.
Modification time: The modification field stores the date on which the
principal's entry in the Kerberos database was last changed. It is
stored in the same format as the expiration time.
Modifier's name: The eleventh field stores the name of the utility that
last modified the principal's entry. Only and a blank entry are possi‐
ble in the modifier's name field. A blank entry indicates that the
field was added by A modifier name field that states that the entry was
produced by indicates that the entry was added by when the database was
created.
Modifier's instance: The twelfth field indicates the instance of the
utility that last modified the principal's entry. This field is always
blank.
Examples
The following is an example of an entry form of a file for host,
kprop cactus 255 2 1 0 8f68f19 a941c6d 200001010459 198909171755 * *
FilesSee Alsondbm(3), kdb_init(8krb), kdb_edit(8krb), kdb_destroy(8krb),
kdb_util(8krb)krb_dbase(5krb)