krbdev Digest, Vol 38, Issue 5

Henry B. Hotz hotz at
Thu Feb 9 14:02:50 EST 2006

On Feb 9, 2006, at 9:01 AM, krbdev-request at wrote:

> 6) Following are the data which are already logged in the file:
>     Starting, stopping the services. TGT/TGS requests and Password
> changes.
> 7) Following are the data to be audited in addition to the above:
>     Service Tickets issued for a particular TGT, cross realm tickets -
> hosts involved, ticket information

So these are the things you want to audit?  I suggest that ticket  
lifetime be included in the information on issued tickets.

As long as the information is available I don't see the log file  
format as that big a deal.  Parsers might be easier than a plugin to  

For 4) ii) I note that there are a couple of open-source DBMS's,  
PostgreSQL and MySQL, that probably don't have the licensing issues  
you're worried about.  The former supports K5 directly and I believe  
the latter supports SASL/GSSAPI.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the krbdev mailing list