On 06/03/2013 02:23 PM, Aly Khimji wrote: > Quick questions guys, > > can you advise if there is a particular place(s) successful and failed > users authentication is logged? I know from local users I can go > through the 389 access logs, but for trust based users can you advise > where I would look? I know i see a proper ticket issued in krb5kdc > logs, but mainly for failed logins.
What is the scenario? Is this: user from AD logs into a Linux system that is joined into IPA via SSSD? In this case the authentication happens in AD so the audit trail will be there. Once this user tries to access a resource in IPA domain there will be a record of issuing this user a service ticket in the kerberos log. The users always get TGTs from the domain they belong to so the record will be in the log of the corresponding KDC. > > Thx > > Aly > > > _______________________________________________ > Freeipa-users mailing list > Freeipaemail@example.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users