[38554] in Kerberos
Re: Audit logging
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jun 20 13:41:08 2019
To: Yegui Cai <caiyegui@gmail.com>, <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <9cc54d19-46c8-fd43-b1bf-a4dd25492409@mit.edu>
Date: Thu, 20 Jun 2019 13:40:47 -0400
MIME-Version: 1.0
In-Reply-To: <CAJYMFR74VQRfrZhf7_Srtv+wwYf4L55OWgKNZid2aBi4_X1z6A@mail.gmail.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 6/20/19 1:16 PM, Yegui Cai wrote:
> Does KDC generate audit logs by any chance? If not, would there be any plan
> to do so?
The KDC currently generates log messages like this (for a successful
AS-REQ):
Jun 06 11:26:50 small-gods krb5kdc[14165](info): AS_REQ (8 etypes
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19),
DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23),
camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 18.9.55.42: ISSUE:
authtime 1559834810, etypes {rep=aes256-cts-hmac-sha1-96(18),
tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)},
user@KRBTEST.COM for krbtgt/KRBTEST.COM@KRBTEST.COM
Where they go is determined by the [logging] section in kdc.conf, as
described in
http://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/kdc_conf.html#logging
If this is not what you mean, can you describe in more detail what you
mean by audit logs, and how they would differ from the existing KDC logs?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
