KDC Audit project

Dmitri Pal dpal at redhat.com
Mon Jan 7 15:01:29 EST 2013


On 01/07/2013 02:25 PM, Zhanna Tsitkov wrote:
>
> On Jan 7, 2013, at 2:02 PM, Dmitri Pal wrote:
>
>> On 01/07/2013 12:19 PM, Zhanna Tsitkov wrote:
>>> The project page for KDC Audit can be found at
>>> http://k5wiki.kerberos.org/wiki/Projects/Audit
>>>
>>> Zhanna Tsitkov
>>> tsitkova at mit.edu
>>>
>>>
>>>
>>> _______________________________________________
>>> krbdev mailing list             krbdev at mit.edu
>>> https://mailman.mit.edu/mailman/listinfo/krbdev
>>>
>>>
>>
>> Sorry, this seems like a wrong approach to me.
>> I would prefer to have a simple but more generic interface like:
>>
>> error krb_log_event(context ctx, kvp_list list)
>>
>> kvp_list can be a list or a hash table. If you prefer a list I suggest
>> using libcollection from ding-libs, it already does everything one needs
>> for KVP lists. It can be JSON too BTW.
>>
>> There should be recognized and known keys like: type of the event
>> (example KDC start/stop) and maybe subtype (start or stop), timestamp,
>> principal the operation is performed with, etc.
>>
>> It will be up to the plugin to decide what to do with the data.
>>
>> Such an approach would allow evolving the interface and adding more data
>> to the events over time without breaking the existing plugins.
>> The approach listed on the page would make it very hard to evolve the
>> interface on both sides; we effectively create a "one shot do it right"
>> which is always hard to accomplish.
>>
>> A generic interface is a bit more work but existing libraries help to
>> reduce the cost of development.
>
>
> As a matter of fact we have discussed exactly this approach inside the
> group. However, it was suggested that a too generalized API is not a
> good idea because of possible confusion while debugging and/or
> collecting information to be reported. Hence, the one-api-per-event
> approach.
> We will definitely revisit this topic. Thanks for the comment!

It depends on the helpers you provide.
If you use JSON it is easy to print and visualize so it might be the
best approach of all.

>
>>
>>
>> -- 
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/
>>
>>
>>
>
> Zhanna Tsitkov
> tsitkova at mit.edu
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
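
The generic key-value interface proposed in this thread, sketched in C as an added example that is not part of the original message and is not MIT krb5 or ding-libs code. The `kvp` type, `json_audit_plugin`, the key names and the sample event are assumptions made for illustration; the plugin renders whatever keys it is handed, and escapes values because a principal name is chosen by the client.

```c
/* Hypothetical sketch: these names are not MIT krb5 or ding-libs APIs. */
#include <stdio.h>
#include <string.h>

typedef struct { const char *key, *val; } kvp;

/* Append s as a JSON string. Quotes, backslashes and control bytes are
 * escaped so a client-chosen principal cannot forge fields or log lines. */
static int put_str(char *out, size_t cap, size_t *n, const char *s)
{
    if (*n + 8 >= cap) return -1;
    out[(*n)++] = '"';
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (*n + 8 >= cap) return -1;   /* room for \uXXXX, quote, NUL */
        if (c == '"' || c == '\\' || c < 0x20)
            *n += (size_t)sprintf(out + *n, "\\u%04x", (unsigned)c);
        else
            out[(*n)++] = (char)c;
    }
    out[(*n)++] = '"';
    return 0;
}

/* Example plugin: walks the list generically, so new keys need no change. */
int json_audit_plugin(const kvp *ev, size_t count, char *out, size_t cap)
{
    size_t n = 0;
    if (cap < 3) return -1;
    out[n++] = '{';
    for (size_t i = 0; i < count; i++) {
        if (i) out[n++] = ',';
        if (put_str(out, cap, &n, ev[i].key)) return -1;
        out[n++] = ':';
        if (put_str(out, cap, &n, ev[i].val)) return -1;
    }
    out[n++] = '}';
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed event; the principal carries an embedded quote. */
    kvp ev[] = { {"type", "as_req"}, {"principal", "a\"b@EXAMPLE.COM"} };
    char buf[256];
    if (json_audit_plugin(ev, 2, buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```
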