krbdev Digest, Vol 38, Issue 5
Henry B. Hotz
hotz at jpl.nasa.gov
Thu Feb 9 14:02:50 EST 2006
On Feb 9, 2006, at 9:01 AM, krbdev-request at mit.edu wrote:
> 6) Following are the data which are already logged in the file:
> Starting, stopping the services. TGT/TGS requests and Password
> changes.
>
> 7) Following are the data to be audited in addition to the above:
> Service Tickets issued for a particular TGT, cross realm tickets -
> hosts involved, ticket information
So these are the things you want to audit? I suggest that ticket
lifetime be included in the information on issued tickets.
As long as the information is available I don't see the log file
format as that big a deal. Parsers might be easier than a plugin to
write/debug.
For 4) ii) I note that there are a couple of open-source DBMS's,
PostgreSQL and MySQL, that probably don't have the licensing issues
you're worried about. The former supports K5 directly and I believe
the latter supports SASL/GSSAPI.
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list