[PATCH] Log transaction and authentication durations.

Andreas Schneider asn at samba.org
Wed Jun 20 06:04:59 UTC 2018

On Wednesday, 20 June 2018 07:09:54 CEST Andrew Bartlett via samba-technical 
> On Wed, 2018-06-20 at 12:17 +1200, Gary Lockyer via samba-technical
> wrote:
> > Log the transaction duration and duration of NTLM and KDC
> > authentication. The DSDB audit logging tests should also be less flappy
> > due to the changes made.
> > 
> > Review and Push appreciated.
> Thanks Gary.  Reviewed-by: Andrew Bartlett <abartlet at samba.org>
> I take it from the above that you you meant to add your review to my
> patch?  I'll push when you confirm.
> Andreas:  Just a heads-up that this while I've confirmed this builds
> with MIT, you will probably need to take it into account when getting
> the auditing enabled for the MIT KDC.

Quoting you from the 'heimdal: lib/krb5: do not fail set_config_files due to 
parse error' thread:

    Once patches are in upstream git master (no need to wait for a release)
    they can be back-ported.  This helps for when I get back to updating
    our copy so we don't regress, so the effort is much appriciated.

The upstream hdb_auth_status callback takes 3 arguments, the one in the Samba 
code takes 7 arguments!

You're obviously already in the Kerberos business and maintain a fork of 
Heimdal! This seems to go in without any Heimdal upstream discussion if this 
feature for testing is worth changing the HDB API or if there are better ways.

I think we will just not have auth logging support with MIT Kerberos or as an 
untested feature.

Best regards,


Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org

More information about the samba-technical mailing list