logo_kerberos.gif

Projects/Audit

From K5Wiki
< Projects
Revision as of 15:07, 3 July 2012 by Tsitkova (talk | contribs) (Project page skeleton.)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.



Pluggability

  • Run-time pluggable. Registered via plugin framework. The "audit" subsection of [plugins] in kdc.conf points to the module.
  • Build-time enabled using --with-audit-pl configure flag.


Events

  • Ticket requested
  • Ticket issued
  • Ticket renewed
  • Ticket is forwardable
  • Constrained delegation
  • Service ticket requested
  • Service ticket renewed
  • Password modified
  • Password expired
  • KDC referral activity
  • Replay attack detected
  • Policy allowed/disallowed XYZ events

(When/if assigning the numbers to the events, consider using odd numbers for errors and other "bad" things and even numbers for informational messages.)


Requirements

  • Should be simple, so it could be easily replaced with the OS specific implementations.
  • If possible, make the log messages i18n-ready

Design details

We will use *libaudit* module available on Fedora, Debian, Suse for the first round.