Auditing Feature in Kerberos
Nicolas Williams
Nicolas.Williams at sun.com
Tue Apr 4 14:50:44 EDT 2006
On Tue, Apr 04, 2006 at 06:49:16AM -0400, K.G. Gokulavasan wrote:
> Hi,
> The scenario where auth_time + principal_name won't be sufficient to
> link TGT with TGS will be the same principal having requested for 2 TGTs
> at the same time. Either the request can be from the same host or
> different hosts. Adding client host address to auth_time +
> principal_name will help in linking the TGT with TGS when the requests
> are from different hosts. So the left out one is the same principal
> requesting for 2 TGTs at the same time from the same host. I feel this
> is not a common scenario and auth_time + principal_name +
> client_host_address should be sufficient.
But that's not enough either, particularly in an authorization-data-rich
world.
OTOH, you can't audit all possibly relevant bits of data about a
request, since that may amount to too much of the request itself.
I wish initial tickets had some ticket ID that could be referenced by
subsequent non-initial tickets and which could be used to tie audit
trails together. But a Ticket fingerprint will probably do just fine.
Nico
--
More information about the krbdev
mailing list