"last log" and other information tracking - Kerberos

  1. "last log" and other information tracking

    Greetings all!

    I'm having trouble finding the answer to a problem I'm having...
    Basically, when I do a "getprinc username" through kadmin, I get:

    kadmin: getprinc user
    Principal: user@DOMAIN.COM
    Expiration date: [never]
    Last password change: Fri Jul 21 16:26:28 PDT 2006
    Password expiration date: [none]
    Maximum ticket life: 1 day 00:00:00
    Maximum renewable life: 0 days 00:00:00
    Last modified: Fri Jul 21 16:26:28 PDT 2006 (admin/admin@DOMAIN.COM)
    Last successful authentication: [never]
    Last failed authentication: [never]
    Failed password attempts: 0
    Number of keys: 6
    Key: vno 4, Triple DES cbc mode with HMAC/sha1, no salt
    Key: vno 4, ArcFour with HMAC/md5, no salt
    Key: vno 4, DES with HMAC/sha1, no salt
    Key: vno 4, DES cbc mode with RSA-MD5, no salt
    Key: vno 4, DES cbc mode with CRC-32, Version 4
    Key: vno 4, DES cbc mode with CRC-32, AFS version 3
    Attributes:
    Policy: [none]
    kadmin:

    Note that it says "Last successful authentication: [never]" and "Last
    failed authentication: [never]". That user has in fact authenticated
    many times, and has failed a few too. Is there a way I can get that
    information to be logged so it will show up with the above "getprinc
    user" command? I've looked through the "logging" documentation but am
    stumped... Thanks in advance for any advice!

    ciao, erich
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: "last log" and other information tracking

    >
    > Greetings all!
    > I'm having trouble finding the answer to a problem I'm having...
    > Basically, when I do a "getprinc username" through kadmin, I get:
    >
    > kadmin: getprinc user
    > Principal: user@DOMAIN.COM
    > Expiration date: [never]
    > Last password change: Fri Jul 21 16:26:28 PDT 2006
    > Password expiration date: [none]
    > Maximum ticket life: 1 day 00:00:00
    > Maximum renewable life: 0 days 00:00:00
    > Last modified: Fri Jul 21 16:26:28 PDT 2006 (admin/admin@DOMAIN.COM)
    > Last successful authentication: [never]
    > Last failed authentication: [never]
    > Failed password attempts: 0
    > Number of keys: 6
    > Key: vno 4, Triple DES cbc mode with HMAC/sha1, no salt
    > Key: vno 4, ArcFour with HMAC/md5, no salt
    > Key: vno 4, DES with HMAC/sha1, no salt
    > Key: vno 4, DES cbc mode with RSA-MD5, no salt
    > Key: vno 4, DES cbc mode with CRC-32, Version 4
    > Key: vno 4, DES cbc mode with CRC-32, AFS version 3
    > Attributes:
    > Policy: [none]
    > kadmin:
    >
    > Note that it says "Last successful authentication: [never]" and "Last
    > failed authentication: [never]". That user has in fact authenticated
    > many times, and has failed a few too. Is there a way I can get that
    > information to be logged so it will show up with the above "getprinc
    > user" command? I've looked through the "logging" documentation but am
    > stumped... Thanks in advance for any advice!


    I'm just guessing at this one, but I note that this principal does not
    require preauthentication. In this case, the client does not actually
    authenticate itself to the KDC at all: the KDC simply sends out the
    encrypted TGT and relies on the fact that only the intended principal
    can decrypt it. Hence, I would expect these counters to remain zero.

    --
    Richard Silverman
    res@qoxp.net


  3. Re: "last log" and other information tracking

    In article <44C90502.3090201@soe.ucsc.edu>,
    weiler@soe.ucsc.edu (Erich Weiler) wrote:

    > I'm having trouble finding the answer to a problem I'm having...
    > Basically, when I do a "getprinc username" through kadmin, I get:


    > Last successful authentication: [never]
    > Last failed authentication: [never]
    > Failed password attempts: 0


    > ... That user has in fact authenticated
    > many times, and has failed a few too. Is there a way I can get that
    > information to be logged so it will show up with the above "getprinc
    > user" command? I've looked through the "logging" documentation but am
    > stumped... Thanks in advance for any advice!


    I can top that - my own account is similarly 0 on all
    counts, and I've been using it for a decade.

    The way I vaguely remember it, that may be a build
    option. And one that's not often exercised, because
    it would mean a write to the database for every TGS.
    That would slow down the present request, but worse
    would lock out others and performance is bound to
    suffer.

    Try it if you want (if you can figure out how), but
    it might be just as well to get this kind of information
    from syslog extracts. That's more flexible - you can
    search for failure rates, number of failures between
    successes, failures since last change, etc.

    Donn Cave, donn@u.washington.edu
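
A sketch of the syslog-extract approach suggested in the post above, added here as an example and not taken from the thread or from MIT Kerberos: it derives per-principal last success, last failure and failures since the last success from KDC log lines. The log lines are constructed samples, the line format is an assumption modelled on krb5kdc output, and `summarize` and `LINE` are names chosen for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines; the format is assumed, modelled on krb5kdc syslog output.
SAMPLE_LOG = """\
Jul 21 16:30:01 kdc1 krb5kdc[812](info): AS_REQ (2 etypes {16 23}) 10.0.0.5: NEEDED_PREAUTH: user@DOMAIN.COM for krbtgt/DOMAIN.COM@DOMAIN.COM, Additional pre-authentication required
Jul 21 16:30:04 kdc1 krb5kdc[812](info): AS_REQ (2 etypes {16 23}) 10.0.0.5: PREAUTH_FAILED: user@DOMAIN.COM for krbtgt/DOMAIN.COM@DOMAIN.COM, Decrypt integrity check failed
Jul 21 16:30:09 kdc1 krb5kdc[812](info): AS_REQ (2 etypes {16 23}) 10.0.0.5: PREAUTH_FAILED: user@DOMAIN.COM for krbtgt/DOMAIN.COM@DOMAIN.COM, Decrypt integrity check failed
Jul 21 16:30:15 kdc1 krb5kdc[812](info): AS_REQ (2 etypes {16 23}) 10.0.0.5: ISSUE: authtime 1153524615, etypes {rep=16 tkt=16 ses=16}, user@DOMAIN.COM for krbtgt/DOMAIN.COM@DOMAIN.COM
Jul 21 16:31:00 kdc1 krb5kdc[812](info): TGS_REQ (2 etypes {16 23}) 10.0.0.5: ISSUE: authtime 1153524615, etypes {rep=16 tkt=16 ses=16}, user@DOMAIN.COM for host/box.domain.com@DOMAIN.COM
Jul 21 17:02:41 kdc1 krb5kdc[812](info): AS_REQ (2 etypes {16 23}) 10.0.0.9: PREAUTH_FAILED: user@DOMAIN.COM for krbtgt/DOMAIN.COM@DOMAIN.COM, Decrypt integrity check failed
"""

# Only AS_REQ lines are matched: they are the initial (TGT) requests.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ krb5kdc\[\d+\]\(\w+\): "
    r"AS_REQ \(.*?\) (?P<addr>\S+): (?P<status>[A-Z_]+): "
    r"(?:authtime \d+, etypes \{.*?\}, )?(?P<client>\S+) for "
)

def summarize(log_text, year=2006):
    """Per-principal last success/failure and failures since the last success."""
    stats = defaultdict(lambda: {"last_success": None, "last_failure": None,
                                 "failed_since_success": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # TGS_REQ and unrelated lines are skipped
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        s = stats[m["client"]]
        if m["status"] == "ISSUE":
            # Without preauth, ISSUE only means the KDC sent a reply.
            s["last_success"], s["failed_since_success"] = when, 0
        elif m["status"] == "PREAUTH_FAILED":
            s["last_failure"] = when
            s["failed_since_success"] += 1
        # NEEDED_PREAUTH is the normal first leg of a preauth exchange.
    return dict(stats)

if __name__ == "__main__":
    for principal, s in summarize(SAMPLE_LOG).items():
        print(principal, s)
```
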

  4. Re: "last log" and other information tracking

    Hi Richard,

    Yes, I just read somewhere that pre-auth was required... But I tried
    adding a user as such:

    kadmin: addprinc +require_preauth username

    and then authenticated somewhere as the user and it didn't seem to make
    a difference... Is my syntax wrong maybe? Or am I maybe missing some
    steps?

    Thanks for replying!

    ciao, erich

    Richard E. Silverman wrote:
    >> Greetings all!
    >> I'm having trouble finding the answer to a problem I'm having...
    >> Basically, when I do a "getprinc username" through kadmin, I get:
    >>
    >> kadmin: getprinc user
    >> Principal: user@DOMAIN.COM
    >> Expiration date: [never]
    >> Last password change: Fri Jul 21 16:26:28 PDT 2006
    >> Password expiration date: [none]
    >> Maximum ticket life: 1 day 00:00:00
    >> Maximum renewable life: 0 days 00:00:00
    >> Last modified: Fri Jul 21 16:26:28 PDT 2006 (admin/admin@DOMAIN.COM)
    >> Last successful authentication: [never]
    >> Last failed authentication: [never]
    >> Failed password attempts: 0
    >> Number of keys: 6
    >> Key: vno 4, Triple DES cbc mode with HMAC/sha1, no salt
    >> Key: vno 4, ArcFour with HMAC/md5, no salt
    >> Key: vno 4, DES with HMAC/sha1, no salt
    >> Key: vno 4, DES cbc mode with RSA-MD5, no salt
    >> Key: vno 4, DES cbc mode with CRC-32, Version 4
    >> Key: vno 4, DES cbc mode with CRC-32, AFS version 3
    >> Attributes:
    >> Policy: [none]
    >> kadmin:
    >>
    >> Note that it says "Last successful authentication: [never]" and "Last
    >> failed authentication: [never]". That user has in fact authenticated
    >> many times, and has failed a few too. Is there a way I can get that
    >> information to be logged so it will show up with the above "getprinc
    >> user" command? I've looked through the "logging" documentation but am
    >> stumped... Thanks in advance for any advice!

    >
    > I'm just guessing at this one, but I note that this principal does not
    > require preauthentication. In this case, the client does not actually
    > authenticate itself to the KDC at all: the KDC simply sends out the
    > encrypted TGT and relies on the fact that only the intended principal
    > can decrypt it. Hence, I would expect these counters to remain zero.
    >


    --
    ===================================
    Erich Weiler
    UNIX Systems Administrator
    School of Engineering
    University of California Santa Cruz
    weiler@soe.ucsc.edu
    ===================================