MIT

Each time the MIT KDC starts up, it logs the interfaces and ports on which it is listening to the defined KDC log file:

Jul 31 03:04:40 www.wedgie.org krb5kdc[10543](info): setting up network...
Jul 31 03:04:40 www.wedgie.org krb5kdc[10543](info): listening on fd 7: 192.168.1.83 
port 88
Jul 31 03:04:40 www.wedgie.org krb5kdc[10543](info): listening on fd 8: 192.168.1.83 
port 750
Jul 31 03:04:40 www.wedgie.org krb5kdc[10543](info): set up 2 sockets
Jul 31 03:04:40 www.wedgie.org krb5kdc[10544](info): commencing operation

In this case, the KDC is listening on both the Kerberos 5 and Kerberos 4 well-defined ports. Similarly, every time the KDC is shut down cleanly, it logs this fact to the log file as well:

Jul 31 15:11:57 www1.wedgie.org krb5kdc[779](info): shutting down

Now, let’s take a look at what is logged during Kerberos protocol exchanges. First, let’s take an example user using Kerberos 5, who is obtaining a TGT when he starts his day. The following message is recorded in the log:

Jul 30 23:18:26 www1.wedgie.org krb5kdc[10544](info): AS_REQ (3 etypes {16 3 1}) 192.
168.1.83(88): ISSUE: authtime 1028085506, etypes {rep=16 tkt=16 ses=16}, 
jgarman@WEDGIE.ORG for krbtgt/WEDGIE.ORG@WEDGIE.ORG

Let’s examine this output piecemeal. First, we have the date, time, and hostname of the KDC. This information appears whether the log is being sent to a file or via syslog. Next, we have the name and process ID of the KDC, as well as the severity of the message (in this case “info”).

The next ...

Get Kerberos: The Definitive Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.