Audit logging

Greg Hudson ghudson at mit.edu
Thu Jun 20 13:40:47 EDT 2019


On 6/20/19 1:16 PM, Yegui Cai wrote:
> Does KDC generate audit logs by any chance? If not, would there be any plan
> to do so?

The KDC currently generates log messages like this (for a successful
AS-REQ):

Jun 06 11:26:50 small-gods krb5kdc[14165](info): AS_REQ (8 etypes
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19),
DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23),
camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 18.9.55.42: ISSUE:
authtime 1559834810, etypes {rep=aes256-cts-hmac-sha1-96(18),
tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)},
user at KRBTEST.COM for krbtgt/KRBTEST.COM at KRBTEST.COM

Where they go is determined by the [logging] section in kdc.conf, as
described in
http://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/kdc_conf.html#logging

If this is not what you mean, can you describe in more detail what you
mean by audit logs, and how they would differ from the existing KDC logs?
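To make the log format above concrete from the defender's side, here is a small parser (an added example, not part of Greg's message or of the krb5 code base) that turns a krb5kdc request-summary line into a structured record and flags deprecated enctypes, both those the client advertised and those the KDC actually used for the reply, ticket and session key. The sample line is the AS_REQ message quoted above, re-joined onto one line and with the principals' `@` restored where the list archive printed " at "; the trailer pattern covers the `ISSUE` form shown in the message, and accepting `TGS_REQ` headers is an assumption that they share the same layout. Anything with a different trailer is kept as raw detail rather than guessed at.

```python
"""Parse krb5kdc request-summary log lines into structured audit records."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the AS_REQ line quoted in the message, re-joined onto one
# line (the archive wrapped it) and with '@' restored where the archive's
# address munging printed ' at '.
SAMPLE_LINE = (
    "Jun 06 11:26:50 small-gods krb5kdc[14165](info): AS_REQ (8 etypes "
    "{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), "
    "aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), "
    "DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), "
    "camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 18.9.55.42: ISSUE: "
    "authtime 1559834810, etypes {rep=aes256-cts-hmac-sha1-96(18), "
    "tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, "
    "user@KRBTEST.COM for krbtgt/KRBTEST.COM@KRBTEST.COM"
)

# Syslog-style header, request summary and status; the trailer after "STATUS: "
# varies by outcome and is captured raw. TGS_REQ is assumed to share this header.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"krb5kdc\[(?P<pid>\d+)\]\((?P<level>\w+)\): "
    r"(?P<req>AS_REQ|TGS_REQ) \((?P<count>\d+) etypes \{(?P<offered>[^}]*)\}\) "
    r"(?P<addr>\S+): (?P<status>\w+): (?P<rest>.*)$"
)
# Trailer of a successful issue, exactly as in the sample line.
ISSUE_RE = re.compile(
    r"^authtime (?P<authtime>\d+), etypes \{rep=(?P<rep>[^,]+), "
    r"tkt=(?P<tkt>[^,]+), ses=(?P<ses>[^}]+)\}, (?P<client>\S+) for (?P<server>\S+)$"
)
# One enctype as the KDC prints it: optional DEPRECATED: prefix, name, number.
ETYPE_RE = re.compile(r"^(?P<dep>DEPRECATED:)?(?P<name>[^()]+)\((?P<num>\d+)\)$")


@dataclass
class EncType:
    name: str
    number: int
    deprecated: bool


@dataclass
class KdcEvent:
    timestamp: str
    host: str
    pid: int
    level: str
    request: str                  # AS_REQ or TGS_REQ
    offered_count: int            # the "(8 etypes" count the KDC printed
    offered_etypes: List[EncType]  # enctypes the client advertised
    client_addr: str
    status: str                   # ISSUE on success; an error name otherwise
    detail: str                   # raw trailer after "STATUS: "
    authtime: Optional[int] = None
    reply_etype: Optional[EncType] = None
    ticket_etype: Optional[EncType] = None
    session_etype: Optional[EncType] = None
    client: Optional[str] = None
    server: Optional[str] = None


def parse_etype(text: str) -> EncType:
    m = ETYPE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised enctype field: {text!r}")
    return EncType(m["name"], int(m["num"]), m["dep"] is not None)


def parse_kdc_line(line: str) -> Optional[KdcEvent]:
    """Return a KdcEvent, or None for lines that are not request summaries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    offered = [parse_etype(e) for e in m["offered"].split(",") if e.strip()]
    ev = KdcEvent(m["ts"], m["host"], int(m["pid"]), m["level"], m["req"],
                  int(m["count"]), offered, m["addr"], m["status"], m["rest"])
    if ev.status == "ISSUE":
        t = ISSUE_RE.match(m["rest"])
        if t:
            ev.authtime = int(t["authtime"])
            ev.reply_etype = parse_etype(t["rep"])
            ev.ticket_etype = parse_etype(t["tkt"])
            ev.session_etype = parse_etype(t["ses"])
            ev.client, ev.server = t["client"], t["server"]
    return ev


def deprecated_offered(ev: KdcEvent) -> List[str]:
    """Deprecated enctypes the client advertised: a client-hygiene signal only."""
    return [e.name for e in ev.offered_etypes if e.deprecated]


def deprecated_issued(ev: KdcEvent) -> List[str]:
    """Deprecated enctypes the KDC actually used; this is the real exposure."""
    used = (ev.reply_etype, ev.ticket_etype, ev.session_etype)
    return [e.name for e in used if e is not None and e.deprecated]


if __name__ == "__main__":
    event = parse_kdc_line(SAMPLE_LINE)
    print(event)
    print("client offered deprecated:", deprecated_offered(event))
    print("KDC issued deprecated:", deprecated_issued(event))
```

Run against the sample, the record shows the client still offering des3 and arcfour while the KDC selected aes256 for all three keys, which is the distinction a monitoring rule should make: offered deprecated enctypes point at clients to clean up, issued ones point at principals whose keys need rotating to stronger enctypes.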