[31952] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

find inactive accounts

daemon@ATHENA.MIT.EDU (Steve Glasser)
Wed Jan 20 00:41:32 2010

MIME-Version: 1.0
Date: Tue, 19 Jan 2010 21:41:21 -0800
Message-ID: <c789fd71001192141q7d0be6a7vb96febc25157c457@mail.gmail.com>
From: Steve Glasser <sgla9347@gmail.com>
To: Kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi list,

For PCI reasons I have to report all accounts which have been inactive
(i.e. no logins) for three months.  The goal here is to automate the
process...

I know I can get users and login dates from krb5kdc.log, and I can
find the last login date.  However Kerberos logs dates as "month day",
so to do date math for dates going back into last year is awkward at
best.  So...

a) can I configure Kerberos to log "month day year"?
b) is there a better way to do this audit?

Thanks,

-- 
Steve Glasser
sgla9347@gmail.com
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[31952] in Kerberos

find inactive accounts

daemon@ATHENA.MIT.EDU (Steve Glasser)Wed Jan 20 00:41:32 2010

daemon@ATHENA.MIT.EDU (Steve Glasser)
Wed Jan 20 00:41:32 2010