[Bro-Dev] [JIRA] (BIT-1369) Kerberos Analyzer
Vlad Grigorescu (JIRA)
jira at bro-tracker.atlassian.net
Mon Apr 20 17:20:00 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20407#comment-20407 ]
Vlad Grigorescu commented on BIT-1369:
> Mind if I rename the krb.log to kerberos.log?
I could go either way on this. KRB is a pretty common abbreviation for the protocol (to use it, you need a krb5.conf, for example), but I can also see why the full name would be clearer. Down the road, I'd like to add support for auth mechanisms that use Kerberos as the underlying provider, and I envision splitting the log into ticket issuance (krb_ticket) and ticket usage (krb_auth), or something like that. It might make sense to go with kerberos.log for now, and tackle that down the line. Whatever you think is best.
> The kinit.trace seems to trigger only 4 of the 10 krb_* events. How did you test the other ones? Any chance to get a trace for those as well?
I used some private PCAPs. I'll see if I can figure out how to generate those events in my test environment, and will add another test.
> Kerberos Analyzer
> Key: BIT-1369
> URL: https://bro-tracker.atlassian.net/browse/BIT-1369
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: 2.4
> Reporter: Vlad Grigorescu
> Assignee: Robin Sommer
> Fix For: 2.4
> topic/vladg/kerberos has a Kerberos analyzer.