Auditing Feature in Kerberos
hartmans at MIT.EDU
Thu Mar 23 09:35:05 EST 2006
>>>>> "greg" == greg <greg at enjellic.com> writes:
greg> On Mar 22, 6:33am, "K.G. Gokulavasan" wrote: } Subject: Re:
greg> Auditing Feature in Kerberos
greg> Good morning to everyone.
>> I think auth_time + principal_name can be used to link the TGT
>> and service ticket issued by TGS. The same information can be
>> used for auditing. Is this fine or is there a better way to
>> link the TGT and service ticket issued by TGS?
greg> Place a hook in the AS_REQ/TGS_REQ routines. Define an
greg> ad_type to hold a serial number which gets incremented for
greg> each AS_REQ and returned in the TGT. Look for the serial
greg> number in the TGT when processing the TGS_REQ.
You could do this.
Why would you want to?
I believe that auth_time+principal_name is sufficient.
More information about the krbdev