KDC Audit project

Dmitri Pal dpal at redhat.com
Mon Jan 7 14:02:08 EST 2013


On 01/07/2013 12:19 PM, Zhanna Tsitkov wrote:
> The project page for KDC Audit can be found at http://k5wiki.kerberos.org/wiki/Projects/Audit
>
> Zhanna Tsitkov
> tsitkova at mit.edu

Sorry, this seems like a wrong approach to me.
I would prefer to have a simple but more generic interface like:

error krb_log_event(context ctx, kvp_list list)

kvp_list can be a list or a hash table. If you prefer a list, I suggest using
libcollection from ding-libs; it already does everything one needs for
KVP lists. It can be JSON too, BTW.

There should be recognized and known keys like: type of the event
(example: KDC start/stop) and maybe subtype (start or stop), timestamp,
the principal the operation is performed with, etc.

It will be up to the plugin to decide what to do with the data.

Such an approach would allow evolving the interface and adding more data to
the events over time without breaking the existing plugins.
The approach listed on the page would make it very hard to evolve the
interface on both sides; we effectively create a "one shot do it right",
which is always hard to accomplish.

A generic interface is a bit more work but existing libraries help to
reduce the cost of development.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
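
The key/value event interface proposed in the message above, as an added example that is not part of the original post or of MIT krb5: the types `kvp`, `kvp_list` and `audit_ctx`, the plugin `plugin_v1`, the concrete `krb_log_event` signature and the sample events are all hypothetical. It shows a plugin written against the original keys producing the same audit record when a later event carries an extra `principal` key, and refusing an event that lacks a required key.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical types: an event is an array of string key/value pairs. */
typedef struct { const char *key, *value; } kvp;
typedef struct { const kvp *pairs; size_t count; } kvp_list;
typedef int (*audit_plugin_fn)(const kvp_list *ev, char *out, size_t outlen);
typedef struct { audit_plugin_fn plugin; char last[128]; } audit_ctx;

static const char *kvp_get(const kvp_list *ev, const char *key) {
    for (size_t i = 0; i < ev->count; i++)
        if (strcmp(ev->pairs[i].key, key) == 0)
            return ev->pairs[i].value;
    return NULL;
}

/* Plugin written against the first key set; keys it does not know are ignored. */
static int plugin_v1(const kvp_list *ev, char *out, size_t outlen) {
    const char *type = kvp_get(ev, "type"), *ts = kvp_get(ev, "timestamp");
    const char *sub = kvp_get(ev, "subtype");
    if (type == NULL || ts == NULL) return -1;   /* required key missing */
    int n = snprintf(out, outlen, "%s type=%s subtype=%s", ts, type, sub ? sub : "-");
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Same shape as the proposed call: the core hands the whole list to the plugin. */
int krb_log_event(audit_ctx *ctx, const kvp_list *ev) {
    if (ctx == NULL || ctx->plugin == NULL || ev == NULL) return -1;
    return ctx->plugin(ev, ctx->last, sizeof ctx->last);
}

/* Constructed sample data. full[0..2] is the original key set; full[3] is a key
   added later. no_ts lacks the required timestamp. */
static const kvp full[] = {{"type", "KDC"}, {"subtype", "start"},
    {"timestamp", "2013-01-07T14:02:08"}, {"principal", "host/kdc.example.test"}};
static const kvp no_ts[] = {{"type", "KDC"}, {"subtype", "stop"}};

/* Logs sample 0 (original keys), 1 (extra key) or 2 (no timestamp); NULL = rejected. */
const char *log_sample(int which) {
    static audit_ctx ctx = { plugin_v1, "" };
    const kvp_list evs[] = {{full, 3}, {full, 4}, {no_ts, 2}};
    int ok = which >= 0 && which <= 2 && krb_log_event(&ctx, &evs[which]) == 0;
    return ok ? ctx.last : NULL;
}

int main(void) {
    for (int i = 0; i < 3; i++)
        printf("event %d: %s\n", i, log_sample(i) ? log_sample(i) : "(rejected)");
    return 0;
}
```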