MIT, Heimdal and Re: [PATCH] Log transaction and authentication durations.
Andrew Bartlett
abartlet at samba.org
Wed Jun 20 17:35:43 UTC 2018
On Wed, 2018-06-20 at 09:23 -0700, Jeremy Allison wrote:
>
> Just a question. Did we consider this "experimental" audit functionality
> that is provided by the MIT kdc ?
>
> http://k5wiki.kerberos.org/wiki/Projects/Audit
>
> Is our Heimdal code compatible with this or could be made so ?
Andreas can speak to his own code but looking at this it appears not to
be that specific API:
https://git.samba.org/?p=asn/samba.git;a=commitdiff;h=31f63b4652f7d6903
1a3764d43dbd1d72b95b314
in
https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-m
it-kdc-ok
Andreas was already having to extend the layer he was using for some
other things the Samba audit code was requiring, hence why I was trying
to give him a heads-up.
In short, so far the audit code has been hooked around the 'good/bad
password' APIs as those get us access to the DB entries we need to log
things like SIDs (not in the layer you mention, which is more generic
but less useful to Samba).
I wasn't really expecting this to be such a big drama!
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list