[
https://bro-tracker.atlassian.net/browse/BIT-1369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20407#comment-20407
]
Vlad Grigorescu commented on BIT-1369:
--------------------------------------
> Mind if I rename the krb.log to kerberos.log?
I could go either way on this. KRB is a pretty common abbreviation for the
protocol (to use it, you need a krb5.conf, for example), but I can also see why
the full name would be clearer. Down the road, I'd like to add support for auth
mechanisms that use Kerberos as the underlying provider, and I envision
splitting the log into ticket issuance (krb_ticket) and ticket usage
(krb_auth), or something like that. It might make sense to go with kerberos.log
for now, and tackle that down the line. Whatever you think is best.
> The kinit.trace seems to trigger only 4 of the 10 krb_* events. How did you
> test the other ones? Any chance to get a trace for those as well?
I used some private PCAPs. I'll see if I can figure out how to generate those
events in my test environment, and will add another test.
> Kerberos Analyzer
> -----------------
>
> Key: BIT-1369
> URL: https://bro-tracker.atlassian.net/browse/BIT-1369
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: 2.4
> Reporter: Vlad Grigorescu
> Assignee: Robin Sommer
> Fix For: 2.4
>
>
> topic/vladg/kerberos has a Kerberos analyzer.
--
This message was sent by Atlassian JIRA
(v6.5-OD-01-120#65000)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
