[Bro-Dev] [JIRA] (BIT-1369) Kerberos Analyzer

Vlad Grigorescu (JIRA) jira at bro-tracker.atlassian.net
Mon Apr 20 17:20:00 PDT 2015

    [ https://bro-tracker.atlassian.net/browse/BIT-1369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20407#comment-20407 ] 

Vlad Grigorescu commented on BIT-1369:

> Mind if I rename the krb.log to kerberos.log?

I could go either way on this. KRB is a pretty common abbreviation for the protocol (to use it, you need a krb5.conf, for example), but I can also see why the full name would be clearer. Down the road, I'd like to add support for auth mechanisms that use Kerberos as the underlying provider, and I envision splitting the log into ticket issuance (krb_ticket) and ticket usage (krb_auth), or something like that. It might make sense to go with kerberos.log for now, and tackle that down the line. Whatever you think is best.

> The kinit.trace seems to trigger only 4 of the 10 krb_* events. How did you test the other ones? Any chance to get a trace for those as well?

I used some private PCAPs. I'll see if I can figure out how to generate those events in my test environment, and will add another test.

> Kerberos Analyzer
> -----------------
>                 Key: BIT-1369
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1369
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: Vlad Grigorescu
>            Assignee: Robin Sommer
>             Fix For: 2.4
> topic/vladg/kerberos has a Kerberos analyzer.

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list