MIT, Heimdal and Re: [PATCH] Log transaction and authentication durations.

Andrew Bartlett abartlet at
Wed Jun 20 17:35:43 UTC 2018

On Wed, 2018-06-20 at 09:23 -0700, Jeremy Allison wrote:
> Just a question. Did we consider this "experimental" audit functionality
> that is provided by the MIT kdc ?
> Is our Heimdal code compatible with this or could be made so ?

Andreas can speak to his own code but looking at this it appears not to
be that specific API:;a=commitdiff;h=31f63b4652f7d6903

Andreas was already having to extend the layer he was using for some
other things the Samba audit code was requiring, hence why I was trying
to give him a heads-up. 

In short, so far the audit code has been hooked around the 'good/bad
password' APIs as those get us access to the DB entries we need to log
things like SIDs (not in the layer you mention, which is more generic
but less useful to Samba). 

I wasn't really expecting this to be such a big drama!

Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list