MIT
To enable logging in the MIT KDC, the
krb5.conf file can contain a [logging]
stanza with several variables
that control where the logging output goes. Here are the
variables:
kdc
The
kdc
variable controls where the log for the KDC’s authentication service and Ticket Granting Service is sent. The logs produced in the file specified in the KDC variable contain all of the transactions between users, servers, and the KDC.admin_server
The
admin_server
variable controls where the logs for thekadmin
server are sent. The logs produced in the file specified in theadmin_server
variable contain all of the transactions between Kerberos administrators and the KDC that are performed through thekadmin
interface.
Each option can take several different arguments, depending on the type of file, device, or syslog facility you wish the logs to be sent to. If you want logs sent to several destinations, you can list them, one at a time, on separate lines.
FILE=
filename
FILE
:filename
These options send the specified logs to a file called
filename
. In the first form with a “=”, the file is overwritten each time the KDC starts. The second form, specified with a “:”, indicates that the file will be appended to each time the KDC starts.STDERR
This option specifies that the logs should be sent to the standard error output of the KDC.
CONSOLE
This option specifies that the logs be sent to the console of the KDC machine.
DEVICE=
devicename
This option specifies that the logs be sent to the
devicename
. This can ...
Get Kerberos: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.