Auditing Feature in Kerberos
jaltman at MIT.EDU
Thu Mar 23 22:50:23 EST 2006
greg at enjellic.com wrote:
> It may be but it does fail a direct correlation requirement. If the
> IP address is implemented in the payload the ad_data strategy also
> allows pinning the audit trail to the KDC which issued the ticket.
> It all comes down to whether or not it is sufficient to answer the
> audit question with 'we think it might be' or 'it is'.
> I have found that people concerned with audit trails can be
> surprisingly pedantic in their assurance requirements.
Which is why I recommended the items I suggested a couple of days
ago including logging hashes of the tickets that are issued and received
as part of the transactions. I don't think we need a new identifier.
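
Added illustration of the ticket-hash logging suggested in the message above; it is not part of the original post and not MIT krb5 code. The record fields, function names, hosts and ticket bytes are hypothetical, and it assumes the KDC and the service both hash the same encoded ticket bytes.

```python
import hashlib
import json

def ticket_digest(ticket_bytes: bytes) -> str:
    """SHA-256 over the encoded ticket bytes (assumed identical on both sides)."""
    return hashlib.sha256(ticket_bytes).hexdigest()

def kdc_log_line(kdc, client_ip, client, service, ticket_bytes):
    """Hypothetical audit record written by the KDC when it issues a ticket."""
    return json.dumps({"event": "issued", "kdc": kdc, "client_ip": client_ip,
                       "client": client, "service": service,
                       "ticket_sha256": ticket_digest(ticket_bytes)})

def service_log_line(host, peer_ip, ticket_bytes):
    """Hypothetical audit record written by a service that receives a ticket."""
    return json.dumps({"event": "received", "host": host, "peer_ip": peer_ip,
                       "ticket_sha256": ticket_digest(ticket_bytes)})

def correlate(kdc_lines, service_lines):
    """Join service-side records to KDC-side records on the ticket hash."""
    issued = {}
    for line in kdc_lines:
        rec = json.loads(line)
        issued[rec["ticket_sha256"]] = rec
    results = []
    for line in service_lines:
        rec = json.loads(line)
        origin = issued.get(rec["ticket_sha256"])  # None: no issuing record found
        results.append({
            "host": rec["host"],
            "peer_ip": rec["peer_ip"],
            "matched": origin is not None,
            "kdc": origin["kdc"] if origin else None,
            "client": origin["client"] if origin else None,
            "ip_differs": bool(origin) and origin["client_ip"] != rec["peer_ip"],
        })
    return results

# Constructed sample data: placeholder bytes stand in for encoded tickets.
TICKET_A, TICKET_B, TICKET_C = b"constructed-A", b"constructed-B", b"constructed-C"
KDC_LOG = [
    kdc_log_line("kdc1.example.com", "192.0.2.10", "alice@EXAMPLE.COM", "host/app1", TICKET_A),
    kdc_log_line("kdc2.example.com", "192.0.2.20", "bob@EXAMPLE.COM", "host/app1", TICKET_B),
]
SERVICE_LOG = [
    service_log_line("app1.example.com", "192.0.2.10", TICKET_A),    # same address
    service_log_line("app1.example.com", "198.51.100.7", TICKET_B),  # different address
    service_log_line("app1.example.com", "192.0.2.30", TICKET_C),    # no KDC record
]
REPORT = correlate(KDC_LOG, SERVICE_LOG)
```

A matched hash ties a service-side event to one issuing KDC and principal without any new identifier in the ticket; an unmatched hash shows where the KDC-side log has no issuing record.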