[PATCH] Log transaction and authentication durations.
Andreas Schneider
asn at samba.org
Wed Jun 20 06:04:59 UTC 2018
On Wednesday, 20 June 2018 07:09:54 CEST Andrew Bartlett via samba-technical
wrote:
> On Wed, 2018-06-20 at 12:17 +1200, Gary Lockyer via samba-technical
>
> wrote:
> > Log the transaction duration and duration of NTLM and KDC
> > authentication. The DSDB audit logging tests should also be less flappy
> > due to the changes made.
> >
> > Review and Push appreciated.
>
> Thanks Gary. Reviewed-by: Andrew Bartlett <abartlet at samba.org>
>
> I take it from the above that you you meant to add your review to my
> patch? I'll push when you confirm.
>
> Andreas: Just a heads-up that this while I've confirmed this builds
> with MIT, you will probably need to take it into account when getting
> the auditing enabled for the MIT KDC.
Quoting you from the 'heimdal: lib/krb5: do not fail set_config_files due to
parse error' thread:
Once patches are in upstream git master (no need to wait for a release)
they can be back-ported. This helps for when I get back to updating
our copy so we don't regress, so the effort is much appriciated.
The upstream hdb_auth_status callback takes 3 arguments, the one in the Samba
code takes 7 arguments!
You're obviously already in the Kerberos business and maintain a fork of
Heimdal! This seems to go in without any Heimdal upstream discussion if this
feature for testing is worth changing the HDB API or if there are better ways.
I think we will just not have auth logging support with MIT Kerberos or as an
untested feature.
Best regards,
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list