used-principals

(Report which Kerberos v5 principals are in use)

SYNOPSIS

used-principals [-ch] [-p list [-k domain]] [log ...]

DESCRIPTION

used-principals scans an MIT Kerberos KDC log and reports on which principals were used successfully. "Used" for this program means that the principal either successfully requested a ticket or a service ticket was successfully requested for that principal. The provided log files may be regular files, files ending in .gz or .bz2 (which will be uncompressed with gzip or bzip2), or - (indicating standard input). If no log files are given on the command line, log entries will be read from standard input.

All principals seen as active in the logs will be printed to standard output, one per line, unless the -p option was given. If -p was given, the logs will be scanned only for the principals listed in the file given as an argument to -p, and only principals from that file seen in the logs will be printed. This can be used to find which principals in a given set are active.

OPTIONS

-c, --count

Instead of printing only an active principal, print the principal, a space, and the number of times that principal was seen in the logs (as either obtaining a ticket or having a ticket obtained for it).

-h, --help

Print out this documentation (which is done simply by feeding the script to perldoc -t).

-k domain, --k4=domain, --kerberos4=domain

Meaningful only when used with the -p option, this option says to interpret the principals listed in that file as Kerberos v4 principal names instead of Kerberos v5 principal names. They will be converted to the corresponding Kerberos v5 principals before scanning the logs. domain is the local domain to append to host-based Kerberos v4 principals (such as rcmd.system, which becomes host/system.domain).

-p list, --principals=list

Scan only for the principals listed in the file list and only report on principals found in that set.

CAVEATS

The -4 option was implement for reporting around a specific transition at Stanford University and uses a hard-coded list of Kerberos v4 principals that should be considered host-based. It also makes other assumptions that could be specific for that one use. Using it for other purposes may require some tweaking.

AUTHOR

Russ Allbery <eagle@eyrie.org>

Last spun 2022-12-12 from POD modified 2018-06-03