[Logcheck-devel] Bug#318500: logcheck-database: rules for openssh-krb5
Russ Allbery
rra at stanford.edu
Sun Jul 17 17:34:43 UTC 2005
Jamie L Penman-Smithson <jamie at silverdream.org> writes:
> On Fri, 2005-07-15 at 14:02 -0700, Russ Allbery wrote:
>> For support of openssh-krb5, please add the following rule to
>> rulefiles/linux/ignore.d.server/ssh:
>>
>> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
>>
>> and add gssapi-with-mic to the list of authentication alternatives in
>> the first rule in that file. Thanks!
> Could you provide the log messages that this matches?
Sure thing.
System Events
=-=-=-=-=-=-=
Jul 16 12:00:02 lothlorien sshd[7653]: Authorized to eagle, krb5 principal rra at stanford.edu (krb5_kuserok)
Jul 16 12:00:02 lothlorien sshd[7653]: Accepted gssapi-with-mic for eagle from 171.64.19.147 port 48828 ssh2
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Logcheck-devel
mailing list