Man Linux: Main Page and Category List


       bos_listkeys - Displays the server encryption keys from the KeyFile


       bos listkeys -server <machine name> [-showkey]
           [-cell <cell name>] [-noauth] [-localauth] [-help]

       bos listk -se <machine name> [-sh] [-c <cell name>]
           [-n] [-l] [-h]


       The bos listkeys command formats and displays the list of server
       encryption keys from the /etc/openafs/server/KeyFile file on the server
       machine named by the -server argument.

       To edit the list of keys, use the bos addkey and bos removekey


       Displaying actual keys on the standard output stream (by including the
       -showkey flag) is a security exposure. Displaying a checksum is
       sufficient for most purposes.


       -server <machine name>
           Indicates the server machine from which to display the KeyFile
           file. Identify the machine by IP address or its host name (either
           fully-qualified or abbreviated unambiguously). For details, see

           For consistent performance in the cell, the output must be the same
           on every server machine. The bos addkey reference page explains how
           to keep the machines synchronized.

           Displays the octal digits that constitute each key.

       -cell <cell name>
           Names the cell in which to run the command. Do not combine this
           argument with the -localauth flag. For more details, see bos(8).

           Assigns the unprivileged identity "anonymous" to the issuer. Do not
           combine this flag with the -localauth flag. For more details, see

           Constructs a server ticket using a key from the local
           /etc/openafs/server/KeyFile file. The bos command interpreter
           presents the ticket to the BOS Server during mutual authentication.
           Do not combine this flag with the -cell or -noauth options. For
           more details, see bos(8).

           Prints the online help for this command. All other valid options
           are ignored.


       The output includes one line for each server encryption key listed in
       the KeyFile file, identified by its key version number.

       If the -showkey flag is included, the output displays the actual string
       of eight octal numbers that constitute the key. Each octal number is a
       backslash and three decimal digits.

       If the -showkey flag is not included, the output represents each key as
       a checksum, which is a decimal number derived by encrypting a constant
       with the key.

       Following the list of keys or checksums, the string "Keys last changed"
       indicates when a key was last added to the KeyFile file. The words "All
       done" indicate the end of the output.

       For mutual authentication to work properly, the output from the command
       "kas examine afs" must match the key or checksum with the same key
       version number in the output from this command.


       The following example shows the checksums for the keys stored in the
       KeyFile file on the machine "".

          % bos listkeys
          key 1 has cksum 972037177
          key 3 has cksum 2825175022
          key 4 has cksum 260617746
          key 6 has cksum 4178774593
          Keys last changed on Mon Apr 12 11:24:46 1999.
          All done.

       The following example shows the actual keys from the KeyFile file on
       the machine "".

          % bos listkeys -showkey
          key 0 is '\040\205\211\241\345\002\023\211'
          key 1 is '\343\315\307\227\255\320\135\244'
          key 2 is '\310\310\255\253\326\236\261\211'
          Keys last changed on Wed Mar 31 11:24:46 1999.
          All done.


       The issuer must be listed in the /etc/openafs/server/UserList file on
       the machine named by the -server argument, or must be logged onto a
       server machine as the local superuser "root" if the -localauth flag is


       KeyFile(5), UserList(5), bos_addkey(8), bos_removekey(8),
       bos_setauth(8), kas_examine(8)


       IBM Corporation 2000. <> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.
       It was converted from HTML to POD by software written by Chas Williams
       and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.