KDC Audit project
tsitkova at MIT.EDU
Mon Jan 7 14:25:10 EST 2013
On Jan 7, 2013, at 2:02 PM, Dmitri Pal wrote:
> On 01/07/2013 12:19 PM, Zhanna Tsitkov wrote:
>> The project page for KDC Audit can be found at http://k5wiki.kerberos.org/wiki/Projects/Audit
>> Zhanna Tsitkov
>> tsitkova at mit.edu
>> krbdev mailing list krbdev at mit.edu
> Sorry, this seems like a wrong approach to me.
> I would prefer to have a simple but more generic interface like:
> error krb_log_event(context ctx, kvp_list list)
> kvp_list can be list or a hash table. If you prefer list I suggest
> libcollection from ding-libs, it already does everything one needs for
> KVP lists. It can be JSON too BTW.
> There should be recognized and known keys like: type of the event
> (example KDC start/stop) and may be subtype (start or stop),
> principal operation is performed with etc.
> It will be up to the plugin to decide what to do with the data.
> Such approach would allow evolving the interface and adding more
> data to
> the events over time without breaking the existing plugins.
> Approach listed on the page would make it very hard to evolve the
> interface on both sides, we effectively create a "one shot do it
> which is always hard to accomplish.
> A generic interface is a bit more work but existing libraries help to
> reduce the cost of development.
As a matter of fact we have discussed exactly this approach inside the
group. However, it was suggested that too generalized API is not a
good idea because of possible confusion while debugging and/or
collecting information to be reported. Hence, one-api-per-event
We will definitely revisit this topic. Thanks for the comment!
> Thank you,
> Dmitri Pal
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
> Looking to carve out IT costs?
> krbdev mailing list krbdev at mit.edu
tsitkova at mit.edu
More information about the krbdev