Hi, I got a question regarding integration of auditd on FreeIPA clients.

What I want to achieve is full audit logging, like auditd provides, on the FreeIPA clients. We tried to hook auditd up with the currently deployed IPA via Kerberos, but had no luck so far. We tried to reuse the already present Kerberos authentication to transmit the audit data in a secure way, but auditd needs the principal name to be "host/$hostname@REALM" whereas FreeIPA requires "$foo/$fqdn@REALM", so it seems we can't use Kerberos tickets from IPA? (See also this ML thread: https://www.redhat.com/archives/freeipa-users/2014-August/msg00079.html)

It's very sad to see this divergent development, given that both projects are heavily developed by Red Hat. Maybe this can get fixed? If I can help with this (even if you just need bug reports opened), please tell me so.

In the meantime I would like to ask about the status of this project page: https://www.freeipa.org/page/Session_Recording

Is this already implemented? So far I couldn't find any practical examples on how to configure FreeIPA with auditd on FreeIPA clients :(

If you know of any other working solution, please share!

Thanks in advance

--
Regards
Sven Kieske
System Administrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +495772 293100
F: +495772 293333
https://www.mittwald.de
Managing directors: Robert Meyer, Maik Behring
Tax no.: 331/5721/1033, VAT ID: DE814773217
HRA 6640, AG Bad Oeynhausen
General partner: Robert Meyer Verwaltungs GmbH
HRB 13260, AG Bad Oeynhausen