Auditing Feature in Kerberos

Sam Hartman hartmans at MIT.EDU
Tue Jan 24 15:56:47 EST 2006


>>>>> "Jeffrey" == Jeffrey Altman <jaltman at MIT.EDU> writes:

    Jeffrey> Sam Hartman wrote:
    >> I think that the big missing part of the current logging system
    >> that makes it hard to use for auditing is that it does not link
    >> service tickets that are issued by the TGS to the TGT used to
    >> issue them.
    >> 
    >> The other problem is that the format of the data cannot easily
    >> be parsed or stored in a database.
    >> 
    >> --Sam

    Jeffrey> Are you therefore looking to alter the existing log
    Jeffrey> format or to add a new interface that would allow for
    Jeffrey> direct to database writes of log data?

All of the following seem plausible:

1) a plugin interface for auditing

2) An additional XML log format (assuming limited additional
   dependencies; perhaps hand-generated xml)

3) altered log format.

--Sam


