Auditing Feature in Kerberos

Jeffrey Altman jaltman at MIT.EDU
Tue Jan 24 09:20:01 EST 2006


I believe what Henry Hotz is trying to ask is "what do you mean by an
auditing feature?"

The KDC already logs the incoming requests, the tickets issued and
the passwords changed.  Are you looking to log more data?   Or are
you looking to develop an API that will allow third parties to write
to the KDC logs?

Or perhaps you are looking to develop tools that post-process the
logs to perform analysis?

I do not believe you have made your intentions clear.

Jeffrey Altman

K.G. Gokulavasan wrote:
> Hi,
>    We want to audit the tickets issued(authentication) and the password
> management(Set/Change Password). Additionally we can consider auditing
> the ticket lifetime also.
> Regards,
>  Gokul.

More information about the krbdev mailing list