Auditing Feature in Kerberos
Douglas E. Engert
deengert at anl.gov
Tue Jan 24 16:26:35 EST 2006
Sam Hartman wrote:
> I think that the big missing part of the current logging system that
> makes it hard to use for auditing is that it does not link service
> tickets that are issued by the TGS to the TGT used to issue them.
Cross realm auditing is also a problem, and identifing all the hosts
involved in delegation, even within the same realm.
> The other problem is that the format of the data cannot easily be
> parsed or stored in a database.
> krbdev mailing list krbdev at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev