Auditing Feature in Kerberos

Sam Hartman hartmans at MIT.EDU
Tue Jan 24 15:56:47 EST 2006

>>>>> "Jeffrey" == Jeffrey Altman <jaltman at MIT.EDU> writes:

    Jeffrey> Sam Hartman wrote:
    >> I think that the big missing part of the current logging system
    >> that makes it hard to use for auditing is that it does not link
    >> service tickets that are issued by the TGS to the TGT used to
    >> issue them.
    >> The other problem is that the format of the data cannot easily
    >> be parsed or stored in a database.
    >> --Sam

    Jeffrey> Are you therefore looking to alter the existing log
    Jeffrey> format or to add a new interface that would allow for
    Jeffrey> direct to database writes of log data?

All of the following seem plausable:

1) a plugin interface for auditing

2) An additional XML log format (assuming limited additional
   dependencies; perhaps hand-generated xml)

3)  altered log format.


More information about the krbdev mailing list