kdc: separate PKINIT/GSS authorization failure
Create a new audit event for PKINIT/GSS authorization (impersonation) failure
This commit is contained in:
Luke Howard
@@ -94,11 +94,13 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
|
||||
#define HDB_AUTH_EVENT_LTK_PREAUTH_FAILED 5 /* long term key preauth failed */
|
||||
#define HDB_AUTH_EVENT_LTK_PREAUTH_SUCCEEDED 6 /* long term key preauth succeeded */
|
||||
#define HDB_AUTH_EVENT_PKINIT_SUCCEEDED 7 /* PKINIT preauth succeeded */
|
||||
#define HDB_AUTH_EVENT_PKINIT_FAILED 8 /* PKINIT preauth succeeded */
|
||||
#define HDB_AUTH_EVENT_GSS_PA_SUCCEEDED 9 /* GSS preauth succeeded */
|
||||
#define HDB_AUTH_EVENT_GSS_PA_FAILED 10 /* GSS preauth failed */
|
||||
#define HDB_AUTH_EVENT_OTHER_PREAUTH_FAILED 11 /* unknown preauth failed */
|
||||
#define HDB_AUTH_EVENT_OTHER_PREAUTH_SUCCEEDED 12 /* unknown preauth succeeded */
|
||||
#define HDB_AUTH_EVENT_PKINIT_NOT_AUTHORIZED 8 /* PKINIT cert not authorized */
|
||||
#define HDB_AUTH_EVENT_PKINIT_FAILED 9 /* PKINIT preauth succeeded */
|
||||
#define HDB_AUTH_EVENT_GSS_PA_SUCCEEDED 10 /* GSS preauth succeeded */
|
||||
#define HDB_AUTH_EVENT_GSS_PA_NOT_AUTHORIZED 11 /* GSS preauth mapping failed */
|
||||
#define HDB_AUTH_EVENT_GSS_PA_FAILED 12 /* GSS preauth failed */
|
||||
#define HDB_AUTH_EVENT_OTHER_PREAUTH_FAILED 13 /* unknown preauth failed */
|
||||
#define HDB_AUTH_EVENT_OTHER_PREAUTH_SUCCEEDED 14 /* unknown preauth succeeded */
|
||||
|
||||
/*
|
||||
* Audit keys to be queried using heim_audit_getkv(). There are other keys
|
||||
|
||||
Reference in New Issue
Block a user