MIT

To enable logging in the MIT KDC, the krb5.conf file can contain a [logging] stanza with several variables that control where the logging output goes. Here are the variables:

kdc

The kdc variable controls where the log for the KDC’s authentication service and Ticket Granting Service is sent. The logs produced in the file specified in the kdc variable contain all of the transactions between users, servers, and the KDC.

admin_server

The admin_server variable controls where the logs for the kadmin server are sent. The logs produced in the file specified in the admin_server variable contain all of the transactions between Kerberos administrators and the KDC that are performed through the kadmin interface.

Each option can take several different arguments, depending on the type of file, device, or syslog facility you wish the logs to be sent to. If you want logs sent to several destinations, you can list them, one at a time, on separate lines.

FILE=filename
FILE:filename

These options send the specified logs to a file called filename. In the first form with a “=”, the file is overwritten each time the KDC starts. The second form, specified with a “:”, indicates that the file will be appended to each time the KDC starts.

STDERR

This option specifies that the logs should be sent to the standard error output of the KDC.

CONSOLE

This option specifies that the logs be sent to the console of the KDC machine.

DEVICE=devicename

This option specifies that the logs be sent to the devicename. This can ...
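The following check is an added example, not code from the book or from MIT Kerberos. It reads the [logging] stanza described above and reports every destination, flagging files declared with FILE=, since those are overwritten at each KDC start and lose earlier transaction records. The sample krb5.conf, its file paths, and the device name are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample krb5.conf; paths and device name are placeholders.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM

[logging]
    # several destinations are listed one per line
    kdc = FILE=/var/log/krb5kdc.log
    kdc = STDERR
    admin_server = FILE:/var/log/kadmind.log
    admin_server = DEVICE=/dev/tty04

[realms]
    EXAMPLE.COM = { kdc = kdc.example.com }
"""

# Destination prefixes covered on this page, mapped to a descriptive kind.
KINDS = {"FILE=": "file-overwrite", "FILE:": "file-append", "DEVICE=": "device"}

def logging_destinations(text):
    """Return [(variable, kind, target)] for each line of the [logging] stanza."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)     # entering a new stanza
            continue
        if section != "logging" or "=" not in line:
            continue
        var, value = (part.strip() for part in line.split("=", 1))
        m = re.fullmatch(r"(FILE[=:]|DEVICE=)\s*(.+)", value)
        if m:
            found.append((var, KINDS[m.group(1)], m.group(2)))
        else:
            found.append((var, value.lower(), None))  # e.g. STDERR, CONSOLE
    return found

def overwritten_logs(text):
    """Files declared with FILE=, which are overwritten each time the KDC starts."""
    return [(v, t) for v, k, t in logging_destinations(text) if k == "file-overwrite"]

if __name__ == "__main__":
    for entry in logging_destinations(SAMPLE):
        print(entry)
    print("overwritten on restart:", overwritten_logs(SAMPLE))
```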
