krb_dbase - ASCII version of the Kerberos database
All of the Kerberos tools, including the daemon, access a version of the Kerberos database that is stored in an file. See the reference
page for more information. Files in format are not user readable. To examine the Kerberos database, it is necessary to convert the data-
base into an ASCII-formatted file with A file in format is an ASCII-formatted version of the Kerberos database.
Each line in a file lists the attributes associated with a single Kerberos principal. The following list describes the fields as they
appear from left to right in a file. A blank entry in the database is indicated by an asterisk (*).
Kerberos primary name: The primary name is the first part of the principal name that the line describes. It is usually equivalent to the
name of the application or user that is associated with the principal.
Kerberos instance name: The instance name is the second section of the principal name that the line describes. It is usually equivalent to
the name of the machine on which an application runs. If the primary name references a user, the instance name is blank.
Maximum ticket lifetime: The third entry is the maximum lifetime of a ticket produced for the principal by the ticket-granting service.
The number stored in the file indicates the number of 5-minute intervals for which the ticket is valid. For example, if the maximum ticket
lifetime of a principal is 10, any ticket that the principal acquires from the ticket-granting service will expire in a maximum of 50 min-
utes. The maximum ticket lifetime corresponds to a value of 255 (21 hours and 15 minutes).
Kerberos database key version: The master key of the Kerberos database is used to encrypt sections of the Kerberos database. This master
key can be changed. The fourth entry is the version number associated with the master key of the Kerberos database.
Principal key version: The key associated with the principal can also change. The fifth field records the version number of the key asso-
ciated with the principal.
Attributes: The attributes field is not currently used by the ULTRIX implementation of Kerberos. It should always be zero.
Key of the principal: The key of the principal is stored in the seventh and eighth fields. It is encrypted with the master database key.
Expiration time: The date on which the principal's entry in the Kerberos database will expire is stored in the ninth field. The first four
digits of the date indicate the year in which the entry will expire. The next two digits indicate the month, the seventh and eighth digits
indicate the day, and the last four digits indicate the hour and minute at which the entry will expire. For example, an entry of the form
198909171755 indicates that the principal's entry will expire on September 17, 1989 at 5:55 in the afternoon.
Modification time: The modification field stores the date on which the principal's entry in the Kerberos database was last changed. It is
stored in the same format as the expiration time.
Modifier's name: The eleventh field stores the name of the utility that last modified the principal's entry. Only and a blank entry are
possible in the modifier's name field. A blank entry indicates that the field was added by A modifier name field that states that the
entry was produced by indicates that the entry was added by when the database was created.
Modifier's instance: The twelfth field indicates the instance of the utility that last modified the principal's entry. This field is
The following is an example of an entry form of a file for host,
kprop cactus 255 2 1 0 8f68f19 a941c6d 200001010459 198909171755 * *
ndbm(3), kdb_init(8krb), kdb_edit(8krb), kdb_destroy(8krb), kdb_util(8krb)