Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   26626 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

BOS_LISTKEYS(8)		     AFS Command Reference	       BOS_LISTKEYS(8)

NAME
       bos_listkeys - Displays the server encryption keys from the KeyFile
       file

SYNOPSIS
       bos listkeys -server <machine name> [-showkey]
	   [-cell <cell name>] [-noauth] [-localauth] [-help]

       bos listk -se <machine name> [-sh] [-c <cell name>]
	   [-n] [-l] [-h]

DESCRIPTION
       The bos listkeys command formats and displays the list of server
       encryption keys from the /usr/afs/etc/KeyFile file on the server
       machine named by the -server argument.  It is equivalent to asetkey
       list, but can be run remotely.

       To edit the list of keys, use the asetkey command; see asetkey(8) for
       more information.  You can also remove keys remotely using the bos
       removekey command.  If you are using the Authentication Server
       (kaserver) rather than a Kerberos v5 KDC, use the bos addkey command
       instead of asetkey to add a new key.

CAUTIONS
       Displaying actual keys on the standard output stream (by including the
       -showkey flag) is a security exposure. Displaying a checksum is
       sufficient for most purposes.

OPTIONS
       -server <machine name>
	   Indicates the server machine from which to display the KeyFile
	   file. Identify the machine by IP address or its host name (either
	   fully-qualified or abbreviated unambiguously). For details, see
	   bos(8).

	   For consistent performance in the cell, the output must be the same
	   on every server machine.  asetkey(8) explains how to keep the
	   machines synchronized.

       -showkey
	   Displays the octal digits that constitute each key.	Anyone who has
	   access to the resulting output will have complete access to the AFS
	   cell and will be able to impersonate the AFS cell to any client, so
	   be very careful when using this option.

       -cell <cell name>
	   Names the cell in which to run the command. Do not combine this
	   argument with the -localauth flag. For more details, see bos(8).

       -noauth
	   Assigns the unprivileged identity "anonymous" to the issuer. Do not
	   combine this flag with the -localauth flag. For more details, see
	   bos(8).

       -localauth
	   Constructs a server ticket using a key from the local
	   /usr/afs/etc/KeyFile file. The bos command interpreter presents the
	   ticket to the BOS Server during mutual authentication. Do not
	   combine this flag with the -cell or -noauth options. For more
	   details, see bos(8).

       -help
	   Prints the online help for this command. All other valid options
	   are ignored.

OUTPUT
       The output includes one line for each server encryption key listed in
       the KeyFile file, identified by its key version number.

       If the -showkey flag is included, the output displays the actual string
       of eight octal numbers that constitute the key. Each octal number is a
       backslash and three decimal digits.

       If the -showkey flag is not included, the output represents each key as
       a checksum, which is a decimal number derived by encrypting a constant
       with the key.

       Following the list of keys or checksums, the string "Keys last changed"
       indicates when a key was last added to the KeyFile file. The words "All
       done" indicate the end of the output.

       For mutual authentication to work properly, the output from the command
       "kas examine afs" must match the key or checksum with the same key
       version number in the output from this command.

EXAMPLES
       The following example shows the checksums for the keys stored in the
       KeyFile file on the machine "fs3.abc.com".

	  % bos listkeys fs3.abc.com
	  key 1 has cksum 972037177
	  key 3 has cksum 2825175022
	  key 4 has cksum 260617746
	  key 6 has cksum 4178774593
	  Keys last changed on Mon Apr 12 11:24:46 1999.
	  All done.

       The following example shows the actual keys from the KeyFile file on
       the machine "fs6.abc.com".

	  % bos listkeys fs6.abc.com -showkey
	  key 0 is '\040\205\211\241\345\002\023\211'
	  key 1 is '\343\315\307\227\255\320\135\244'
	  key 2 is '\310\310\255\253\326\236\261\211'
	  Keys last changed on Wed Mar 31 11:24:46 1999.
	  All done.

PRIVILEGE REQUIRED
       The issuer must be listed in the /usr/afs/etc/UserList file on the
       machine named by the -server argument, or must be logged onto a server
       machine as the local superuser "root" if the -localauth flag is
       included.

SEE ALSO
       KeyFile(5), UserList(5), asetkey(8), bos_addkey(8), bos_removekey(8),
       bos_setauth(8), kas_examine(8)

COPYRIGHT
       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.
       It was converted from HTML to POD by software written by Chas Williams
       and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

OpenAFS				  2013-10-09		       BOS_LISTKEYS(8)

Vote for polarhome