Audit logging
Greg Hudson
ghudson at mit.edu
Thu Jun 20 13:40:47 EDT 2019
On 6/20/19 1:16 PM, Yegui Cai wrote:
> Does KDC generate audit logs by any chance? If not, would there be any plan
> to do so?
The KDC currently generates log messages like this (for a successful
AS-REQ):
Jun 06 11:26:50 small-gods krb5kdc[14165](info): AS_REQ (8 etypes
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19),
DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23),
camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 18.9.55.42: ISSUE:
authtime 1559834810, etypes {rep=aes256-cts-hmac-sha1-96(18),
tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)},
user at KRBTEST.COM for krbtgt/KRBTEST.COM at KRBTEST.COM
Where they go is determined by the [logging] section in kdc.conf, as
described in
http://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/kdc_conf.html#logging
If this is not what you mean, can you describe in more detail what you
mean by audit logs, and how they would differ from the existing KDC logs?
More information about the Kerberos
mailing list