KDC Audit project

Zhanna Tsitkov tsitkova at MIT.EDU
Mon Jan 7 14:25:10 EST 2013


On Jan 7, 2013, at 2:02 PM, Dmitri Pal wrote:

> On 01/07/2013 12:19 PM, Zhanna Tsitkov wrote:
>> The project page for KDC Audit can be found at http://k5wiki.kerberos.org/wiki/Projects/Audit
>>
>> Zhanna Tsitkov
>> tsitkova at mit.edu
>>
>>
>>
>> _______________________________________________
>> krbdev mailing list             krbdev at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/krbdev
>>
>>
>
> Sorry, this seems like a wrong approach to me.
> I would prefer to have a simple but more generic interface like:
>
> error krb_log_event(context ctx, kvp_list list)
>
> kvp_list can be a list or a hash table. If you prefer a list I suggest using
> libcollection from ding-libs, it already does everything one needs for
> KVP lists. It can be JSON too BTW.
>
> There should be recognized and known keys like: type of the event
> (for example KDC start/stop) and maybe subtype (start or stop), timestamp,
> principal the operation is performed with, etc.
>
> It will be up to the plugin to decide what to do with the data.
>
> Such an approach would allow evolving the interface and adding more data to
> the events over time without breaking the existing plugins.
> The approach listed on the page would make it very hard to evolve the
> interface on both sides; we effectively create a "one shot do it right"
> which is always hard to accomplish.
>
> A generic interface is a bit more work but existing libraries help to
> reduce the cost of development.


As a matter of fact we have discussed exactly this approach inside the
group. However, it was suggested that a too generalized API is not a
good idea because of possible confusion while debugging and/or
collecting information to be reported. Hence, the one-API-per-event
approach.
We will definitely revisit this topic. Thanks for the comment!

>
>
> -- 
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.

Zhanna Tsitkov
tsitkova at mit.edu
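
Added illustration, not part of the original message and not MIT krb5 code: a minimal C sketch of the generic key/value event interface proposed in the quoted reply, with a plugin that reads a few known keys and ignores the rest. The type `kvp`, the function `plugin_log_event`, the key names and the sample events are all hypothetical; the missing-key check shows an error that a generic interface only surfaces at run time, which is the debugging concern raised in the answer.

```c
/* Hypothetical sketch of a generic key/value audit event; not krb5 API. */
#include <stdio.h>
#include <string.h>

typedef struct { const char *key; const char *val; } kvp;

/* Look up a key in the event's key/value list; NULL when absent. */
static const char *kvp_get(const kvp *list, size_t n, const char *key)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i].key, key) == 0)
            return list[i].val;
    return NULL;
}

/* A plugin written against a few known keys only. Unknown keys are
 * ignored, so the caller can add fields later without breaking it.
 * A missing mandatory key (for instance a misspelled "type") is only
 * detected here, at run time, and the event is rejected. */
int plugin_log_event(const kvp *list, size_t n, char *out, size_t outlen)
{
    const char *type = kvp_get(list, n, "type");
    const char *ts = kvp_get(list, n, "timestamp");
    const char *sub = kvp_get(list, n, "subtype");
    const char *princ = kvp_get(list, n, "principal");

    if (type == NULL || ts == NULL)
        return -1;                  /* malformed event: no record written */
    int len = snprintf(out, outlen, "%s type=%s subtype=%s principal=%s",
                       ts, type, sub ? sub : "-", princ ? princ : "-");
    /* Treat a truncated record as a failure rather than logging part of it. */
    return (len < 0 || (size_t)len >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample events. The second one carries a key
     * ("client_addr") that this plugin was never taught about. */
    const kvp ev1[] = { {"type", "KDC"}, {"subtype", "start"},
                        {"timestamp", "2013-01-07T14:25:10"} };
    const kvp ev2[] = { {"type", "AS_REQ"},
                        {"timestamp", "2013-01-07T14:25:11"},
                        {"principal", "alice@EXAMPLE.COM"},
                        {"client_addr", "192.0.2.10"} };
    char line[256];
    if (plugin_log_event(ev1, 3, line, sizeof line) == 0) puts(line);
    if (plugin_log_event(ev2, 4, line, sizeof line) == 0) puts(line);
    return 0;
}
```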
