Each time the MIT KDC starts up, it logs the interfaces and ports on which it is listening to the defined KDC log file:

Jul 31 03:04:40 krb5kdc[10543](info): setting up network...
Jul 31 03:04:40 krb5kdc[10543](info): listening on fd 7: port 88
Jul 31 03:04:40 krb5kdc[10543](info): listening on fd 8: port 750
Jul 31 03:04:40 krb5kdc[10543](info): set up 2 sockets
Jul 31 03:04:40 krb5kdc[10544](info): commencing operation

In this case, the KDC is listening on both the Kerberos 5 and Kerberos 4 well-known ports. Similarly, every time the KDC is shut down cleanly, it logs this fact to the log file as well:

Jul 31 15:11:57 krb5kdc[779](info): shutting down

Now, let’s take a look at what is logged during Kerberos protocol exchanges. First, let’s take an example user using Kerberos 5, who is obtaining a TGT when he starts his day. The following message is recorded in the log:

Jul 30 23:18:26 krb5kdc[10544](info): AS_REQ (3 etypes {16 3 1}) 192.168.1.83(88): ISSUE: authtime 1028085506, etypes {rep=16 tkt=16 ses=16}, 

Let’s examine this output piecemeal. First, we have the date, time, and hostname of the KDC. This information appears whether the log is being sent to a file or via syslog. Next, we have the name and process ID of the KDC, as well as the severity of the message (in this case “info”).
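The fields described above can be pulled out mechanically when reviewing a KDC log. The following parser is an added example, not code from the original text or from MIT Kerberos: the record field names are this example's own, the hostname is treated as optional because the lines as shown here do not carry one, and the DES names for etypes 1 and 3 come from the Kerberos encryption type registry.

```python
import re
from datetime import datetime, timezone

# Single-DES etype numbers (Kerberos encryption type registry). Etype 16 is
# des3-cbc-sha1 and is deliberately not listed here.
WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5"}

# Prefix: timestamp, optional hostname, program[pid](severity): message
PREFIX = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?:(?P<host>\S+) )?"
                    r"(?P<prog>\w+)\[(?P<pid>\d+)\]\((?P<sev>\w+)\): (?P<msg>.*)$")
AS_REQ = re.compile(r"AS_REQ \(\d+ etypes \{(?P<req>[\d ]+)\}\) "
                    r"(?P<addr>[\d.]+)\(\d+\): (?P<result>\w+): "
                    r"authtime (?P<authtime>\d+), "
                    r"etypes \{rep=(?P<rep>\d+) tkt=(?P<tkt>\d+) ses=(?P<ses>\d+)\}")
LISTEN = re.compile(r"listening on fd \d+: .*port (?P<port>\d+)")

def parse(line):
    """Return a dict describing one KDC log line, or None if unrecognized."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "pid": int(m["pid"]),
           "severity": m["sev"]}
    msg = m["msg"]
    if (a := AS_REQ.search(msg)):
        requested = [int(e) for e in a["req"].split()]
        issued = {k: int(a[k]) for k in ("rep", "tkt", "ses")}
        rec.update(kind="AS_REQ", addr=a["addr"], result=a["result"],
                   authtime=datetime.fromtimestamp(int(a["authtime"]), timezone.utc),
                   requested=requested, issued=issued,
                   weak_offered=[WEAK[e] for e in sorted(WEAK.keys() & set(requested))],
                   weak_issued=[WEAK[e] for e in sorted(WEAK.keys() & set(issued.values()))])
    elif (ls := LISTEN.search(msg)):
        rec.update(kind="LISTEN", port=int(ls["port"]))
    else:
        rec.update(kind="OTHER", message=msg)
    return rec

# Log lines from this page, rejoined; the AS_REQ line is cut off as shown above.
SAMPLE = [
    "Jul 31 03:04:40 krb5kdc[10543](info): listening on fd 7: port 88",
    "Jul 31 03:04:40 krb5kdc[10543](info): listening on fd 8: port 750",
    "Jul 30 23:18:26 krb5kdc[10544](info): AS_REQ (3 etypes {16 3 1}) "
    "192.168.1.83(88): ISSUE: authtime 1028085506, etypes {rep=16 tkt=16 ses=16},",
]

if __name__ == "__main__":
    for rec in map(parse, SAMPLE):
        print(rec)
```

For the AS_REQ line, the parser reports that the client offered two single-DES etypes but that the reply, ticket, and session key were all issued with etype 16.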

