Audit logging

Yegui Cai caiyegui at gmail.com
Thu Jun 20 15:36:41 EDT 2019


In my opinion, audit logging can be a subset of the loggings KDC has. But
sometimes, software can have audit loggings separately.

On Thu, Jun 20, 2019 at 1:40 PM Greg Hudson <ghudson at mit.edu> wrote:

> On 6/20/19 1:16 PM, Yegui Cai wrote:
> > Does KDC generate audit logs by any chance? If not, would there be any
> plan
> > to do so?
>
> The KDC currently generates log messages like this (for a successful
> AS-REQ):
>
> Jun 06 11:26:50 small-gods krb5kdc[14165](info): AS_REQ (8 etypes
> {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
> aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19),
> DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23),
> camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 18.9.55.42: ISSUE:
> authtime 1559834810, etypes {rep=aes256-cts-hmac-sha1-96(18),
> tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)},
> user at KRBTEST.COM for krbtgt/KRBTEST.COM at KRBTEST.COM
>
> Where they go is determined by the [logging] section in kdc.conf, as
> described in
>
> http://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/kdc_conf.html#logging
>
> If this is not what you mean, can you describe in more detail what you
> mean by audit logs, and how they would differ from the existing KDC logs?
>


More information about the Kerberos mailing list