KDC Audit project
dpal at redhat.com
Tue Jan 8 19:58:07 EST 2013
On 01/08/2013 07:51 PM, Benjamin Kaduk wrote:
> On Tue, 8 Jan 2013, Dmitri Pal wrote:
>> On 01/08/2013 06:45 PM, Benjamin Kaduk wrote:
>>> The CEE initiative pointer is also helpful; we didn't attempt to survey
>>> even logging systems in our previous discussions. It did seem like the
>>> trend in libaudit consumers was towards defining lots of different
>>> routines, though.
>> Yes and this was evaluated later and agreed that it was kind of a
>> mistake and a wrong approach.
> Oh, interesting. Do you remember where these discussions occurred?
> It would probably be helpful for some of us to go over the archives.
They were internal between libaudit redhatters and IPA redhatters.
When we started looking at the Audit component of IPA the first thing we
looked is libaudit and after some triage and internal discussions saw a
lot of inflexibility in libaudit.
The result of these discussions is the emergence of ELAPI.
While it was abandoned as a project because of the emergence of the CEE
the concepts and ideas described on the ELAPI wiki are worth considering.
Adding data to the event or adding a new event with similar data but in
a different part of the code is not a rare use case.
In KDC case new authentication methods are added and there are a lot of
optional pieces of data that might not be needed at first but as use of
the method evolves the need emerges.
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?
More information about the krbdev