
I would like to execute a command every time a user authenticates on the server. As of now, the only way I can "detect" a valid authentication is by looking at the logs in /var/log/auth.log. As logs are not meant to be used as triggers, I'd like to use a more state-of-the-art method.

Is there any reliable way to detect authentication on my KDC server?

Bnr
  • That sounds like an XY problem description. What is the business problem that you're trying to solve? Because what you're asking about now does not appear to be a common solution or approach. – HBruijn Aug 02 '22 at 09:08
  • @HBruijn I am using Kerberos to manage M2M authentication. Kerberos clients are not constantly connected to the server. Therefore, I need to find a way for the client to warn the main server that it is connected and legitimate. Some tasks have to be executed upon that event. The best workaround I could find is to create a kerberized webpage and let a Python program authenticate on this service to trigger task execution. If I could detect a flag when a machine is authenticated, I could basically remove the kerberized webpage service. – Bnr Aug 02 '22 at 12:56
  • What does "warn the main server" achieve here? Executing some tasks on connection makes sense (though I think the kerberized webpage option that you currently have is a much *better* choice than what you're trying to do), but is that where the 'connected and legitimate' part goes, or is it something else? (The main worry is: if you do that, how do you correlate the legitimate client talking to the KDC with the allegedly-legitimate client talking to some other service? By IP address?) – user1686 Aug 03 '22 at 11:45
  • @user1686 My main goal would be to be able to trigger a Python code execution, or even detect it from a listening loop in a Python daemon. Ideally, it would only trigger when a TGT is emitted for a client, passing the username that just got the ticket. If there is no state-of-the-art method for that, I will create a webpage and a Python script dedicated to that. – Bnr Aug 04 '22 at 16:52

0 Answers