Difference between revisions of "MIT Kerberos"

From Fail2ban
Jump to: navigation, search
(New page: [http://web.mit.edu/Kerberos/ MIT Kerberos] {{Logging_Outputs}} MIT <tt>krb5kdc</tt> provided by <tt>krb5-kdc-1.4.4-7etch6</tt> (debian) The following log excerpts include an attempt t...)
 
m
Line 21: Line 21:
 
{{Failregex}}
 
{{Failregex}}
  
The following regular expression matches common authentication failures of MIT's <tt>krb5kdc</tt> when principals are configured with pre-authentication required.  The pattern is MIT implementation specific and is not likely to work with Heimdal.
+
The following regular expression matches common authentication <span class="plainlinks">[http://www.supplementstoweightloss.com/ <span style="color:black;font-weight:normal; text-decoration:none!important; background:none!important; text-decoration:none;">weight loss pills</span>] failures of MIT's <tt>krb5kdc</tt> when principals are configured with pre-authentication required.  The pattern is MIT implementation specific and is not likely to work with <span class="plainlinks">[http://www.shoppharmacycounter.com/ <span style="color:black;font-weight:normal; text-decoration:none!important; background:none!important; text-decoration:none;">weight loss pills</span>] Heimdal.
  
 
<pre>
 
<pre>

Revision as of 08:29, 6 November 2011

MIT Kerberos


MIT krb5kdc provided by krb5-kdc-1.4.4-7etch6 (debian)

The following log excerpts include an attempt to authenticate using an invalid principal, followed by an attempt to authenticate using a valid principal with an incorrect password, followed by successful authentication and issue of a ticket granting ticket.

Feb 11 23:48:27 hostname krb5kdc[19386]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.2.2: CLIENT_NOT_FOUND: nonexistentuser@REALM.LOCAL for krbtgt/REALM.LOCAL@REALM.LOCAL, Client not found in Kerberos database

Feb 11 23:48:58 hostname krb5kdc[19386]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.2.2: NEEDED_PREAUTH: validuserbadpasswd@REALM.LOCAL for krbtgt/REALM.LOCAL@REALM.LOCAL, Additional pre-authentication required
Feb 11 23:48:58 hostname krb5kdc[19386]: preauth (timestamp) verify failure: Decrypt integrity check failed
Feb 11 23:48:58 hostname krb5kdc[19386]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.2.2: PREAUTH_FAILED: validuserbadpasswd@REALM.LOCAL for krbtgt/REALM.LOCAL@REALM.LOCAL, Decrypt integrity check failed

Feb 11 23:49:07 hostname krb5kdc[19386]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.2.2: NEEDED_PREAUTH: validuserokpasswd@REALM.LOCAL for krbtgt/REALM.LOCAL@REALM.LOCAL, Additional pre-authentication required
Feb 11 23:49:07 hostname krb5kdc[19386]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.2.2: ISSUE: authtime 1234414147, etypes {rep=16 tkt=16 ses=16}, validuserokpasswd@REALM.LOCAL for krbtgt/REALM.LOCAL@REALM.LOCAL


Failregex

The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.

The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.

Please, before editing this section, propose your changes in the discussion page first.

The following regular expression matches common authentication weight loss pills failures of MIT's krb5kdc when principals are configured with pre-authentication required. The pattern is MIT implementation specific and is not likely to work with weight loss pills Heimdal.

failregex = AS_REQ \([\w\s{}]+\) <HOST>: (PREAUTH_FAILED|CLIENT_NOT_FOUND):