Auditing Feature in Kerberos

Sam Hartman hartmans at MIT.EDU
Mon Feb 13 06:50:14 EST 2006


>>>>> "K" == K G Gokulavasan <kgokulavasan at novell.com> writes:

    K> Hi, We thought of using Berkeley DB since it was already used
    K> by KDC.  

So, newer versions of the Berkeley DB code cannot be used because of
licensing issues.  The main problem is that it would create problems
for people like Sun who do not always distribute source.

    K> But if it has licensing issues, which other databases
    K> can be used? or shall we go for file based audit log?



I think MIT would probably not be interested in a db-based audit log
unless there is significantly more demand than we've seen on the list.
We'd be happy to accept a plugin interface for audit logs and if you
managed to define the plugin interface so that it did not depend on
k5-int.h then third parties could easily distribute audit plugins for
their favorite databases.

We would be happy to accept a file log plugin that did not introduce
significant new build dependencies.

We would consider but might well reject a file plugin that introduced
a build dependency on an XML library.

We're working on an example of a plugin interface that does not depend
on k5-int.h.  Ken's branch is evolving in that direction.

--Sam