Hi,

I got a question regarding integration of auditd on freeipa clients.

What I want to achieve is full audit logging, like auditd provides, on
the freeipa clients.

We tried to hook auditd up with the currently deployed ipa via Kerberos,
but had no luck so far.

We tried to reuse the already present Kerberos authentication
to transmit the audit data in a secure way, but auditd needs the
principal name to be "host/$hostname@REALM"
whereas freeipa requires "$foo/$fqdn@REALM", so it seems we can't
use Kerberos tickets from ipa?

(see also this ML Thread:
https://www.redhat.com/archives/freeipa-users/2014-August/msg00079.html)

It's very sad to see this divergent development, given that both
projects are heavily developed by Red Hat, maybe this can get fixed?
If I can help with this (even if you just need bug reports opened),
please tell me so.

In the meantime I would like to ask about the status of this project
page:

https://www.freeipa.org/page/Session_Recording

Is this already implemented? So far I couldn't find any practical
examples on how to configure freeipa with auditd on freeipa clients :(

If you know of any other working solution, please share!

Thanks in advance

-- 
Kind regards

Sven Kieske

System administrator

Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp

T: +495772 293100
F: +495772 293333

https://www.mittwald.de

Managing directors: Robert Meyer, Maik Behring

Tax no.: 331/5721/1033, VAT ID: DE814773217
HRA 6640, Bad Oeynhausen District Court

General partner: Robert Meyer Verwaltungs GmbH
HRB 13260, Bad Oeynhausen District Court
