Auditing Feature in Kerberos

Douglas E. Engert deengert at
Tue Jan 24 16:26:35 EST 2006

Sam Hartman wrote:

> I think that the big missing part of the current logging system that
> makes it hard to use for auditing is that it does not link service
> tickets that are issued by the TGS to the TGT used to issue them.

Cross realm auditing is also a problem, and identifing all the hosts
involved in delegation, even within the same realm.

> The other problem is that the format of the data cannot easily be
> parsed or stored in a database.
> --Sam
> _______________________________________________
> krbdev mailing list             krbdev at


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list