GLOBAL
Namespace: | GLOBAL |
---|---|
Source File: | /scripts/base/bif/plugins/Bro_KRB.events.bif.bro |
krb_ap_request : event |
A Kerberos 5 Authentication Header (AP) Request as defined
in RFC 4120. |
krb_ap_response : event |
A Kerberos 5 Authentication Header (AP) Response as defined
in RFC 4120. |
krb_as_request : event |
A Kerberos 5 Authentication Server (AS) Request as defined
in RFC 4120. |
krb_as_response : event |
A Kerberos 5 Authentication Server (AS) Response as defined
in RFC 4120. |
krb_cred : event |
A Kerberos 5 Credential Message as defined in RFC 4120. |
krb_error : event |
A Kerberos 5 Error Message as defined in RFC 4120. |
krb_priv : event |
A Kerberos 5 Private Message as defined in RFC 4120. |
krb_safe : event |
A Kerberos 5 Safe Message as defined in RFC 4120. |
krb_tgs_request : event |
A Kerberos 5 Ticket Granting Service (TGS) Request as defined
in RFC 4120. |
krb_tgs_response : event |
A Kerberos 5 Ticket Granting Service (TGS) Response as defined
in RFC 4120. |
krb_ap_request
Type: | event (c: connection , ticket: KRB::Ticket , opts: KRB::AP_Options ) |
---|
A Kerberos 5 Authentication Header (AP) Request
as defined
in RFC 4120. This message contains authentication information
that should be part of the first message in an authenticated
transaction.
See Wikipedia for more information about the Kerberos protocol.
C: | The connection over which this Kerberos message was sent. |
---|---|
Ticket: | The Kerberos ticket being used for authentication. |
Opts: | A Kerberos AP options data structure. |
See also: krb_as_request
, krb_as_response
, krb_tgs_request
, krb_tgs_response
, krb_ap_response
, krb_priv
, krb_safe
, krb_cred
, krb_error
krb_ap_response
Type: | event (c: connection ) |
---|
A Kerberos 5 Authentication Header (AP) Response
as defined
in RFC 4120. This is used if mutual authentication is desired.
All of the interesting information in here is encrypted, so the event
doesn’t have much useful data, but it’s provided in case it’s important
to know that this message was sent.
See Wikipedia for more information about the Kerberos protocol.
C: | The connection over which this Kerberos message was sent. |
---|
See also: krb_as_request
, krb_as_response
, krb_tgs_request
, krb_tgs_response
, krb_ap_request
, krb_priv
, krb_safe
, krb_cred
, krb_error
krb_as_request
Type: | event (c: connection , msg: KRB::KDC_Request ) |
---|
A Kerberos 5 Authentication Server (AS) Request
as defined
in RFC 4120. The AS request contains a username of the client
requesting authentication, and returns an AS reply with an
encrypted Ticket Granting Ticket (TGT) for that user. The TGT
can then be used to request further tickets for other services.
See Wikipedia for more information about the Kerberos protocol.
C: | The connection over which this Kerberos message was sent. |
---|---|
Msg: | A Kerberos KDC request message data structure. |
See also: krb_as_response
, krb_tgs_request
, krb_tgs_response
, krb_ap_request
, krb_ap_response
, krb_priv
, krb_safe
, krb_cred
, krb_error
krb_as_response
Type: | event (c: connection , msg: KRB::KDC_Response ) |
---|
A Kerberos 5 Authentication Server (AS) Response
as defined
in RFC 4120. Following the AS request for a user, an AS reply
contains an encrypted Ticket Granting Ticket (TGT) for that user.
The TGT can then be used to request further tickets for other services.
See Wikipedia for more information about the Kerberos protocol.
C: | The connection over which this Kerberos message was sent. |
---|---|
Msg: | A Kerberos KDC reply message data structure. |
See also: krb_as_request
, krb_tgs_request
, krb_tgs_response
, krb_ap_request
, krb_ap_response
, krb_priv
, krb_safe
, krb_cred
, krb_error
krb_cred
Type: | event (c: connection , is_orig: bool , tickets: KRB::Ticket_Vector ) |
---|
A Kerberos 5 Credential Message
as defined in RFC 4120. This is
a private (encrypted) message to forward credentials.
See Wikipedia for more information about the Kerberos protocol.
C: | The connection over which this Kerberos message was sent. |
---|---|
Is_orig: | Whether the originator of the connection sent this message. |
Tickets: | Tickets obtained from the KDC that are being forwarded. |
See also: krb_as_request
, krb_as_response
, krb_tgs_request
, krb_tgs_response
, krb_ap_request
, krb_ap_response
, krb_priv
, krb_safe
, krb_error
krb_error
Type: | event (c: connection , msg: KRB::Error_Msg ) |
---|
A Kerberos 5 Error Message
as defined in RFC 4120.
See Wikipedia for more information about the Kerberos protocol.
C: | The connection over which this Kerberos message was sent. |
---|---|
Msg: | A Kerberos error message data structure. |
See also: krb_as_request
, krb_as_response
, krb_tgs_request
, krb_tgs_response
, krb_ap_request
, krb_ap_response
, krb_priv
, krb_safe
, krb_cred
krb_priv
Type: | event (c: connection , is_orig: bool ) |
---|
A Kerberos 5 Private Message
as defined in RFC 4120. This
is a private (encrypted) application message, so the event doesn’t
have much useful data, but it’s provided in case it’s important to
know that this message was sent.
See Wikipedia for more information about the Kerberos protocol.
C: | The connection over which this Kerberos message was sent. |
---|---|
Is_orig: | Whether the originator of the connection sent this message. |
See also: krb_as_request
, krb_as_response
, krb_tgs_request
, krb_tgs_response
, krb_ap_request
, krb_ap_response
, krb_safe
, krb_cred
, krb_error
krb_safe
Type: | event (c: connection , is_orig: bool , msg: KRB::SAFE_Msg ) |
---|
A Kerberos 5 Safe Message
as defined in RFC 4120. This is a
safe (checksummed) application message.
See Wikipedia for more information about the Kerberos protocol.
C: | The connection over which this Kerberos message was sent. |
---|---|
Is_orig: | Whether the originator of the connection sent this message. |
Msg: | A Kerberos SAFE message data structure. |
See also: krb_as_request
, krb_as_response
, krb_tgs_request
, krb_tgs_response
, krb_ap_request
, krb_ap_response
, krb_priv
, krb_cred
, krb_error
krb_tgs_request
Type: | event (c: connection , msg: KRB::KDC_Request ) |
---|
A Kerberos 5 Ticket Granting Service (TGS) Request
as defined
in RFC 4120. Following the Authentication Server exchange, if
successful, the client now has a Ticket Granting Ticket (TGT). To
authenticate to a Kerberized service, the client requests a Service
Ticket, which will be returned in the TGS reply.
See Wikipedia for more information about the Kerberos protocol.
C: | The connection over which this Kerberos message was sent. |
---|---|
Msg: | A Kerberos KDC request message data structure. |
See also: krb_as_request
, krb_as_response
, krb_tgs_response
, krb_ap_request
, krb_ap_response
, krb_priv
, krb_safe
, krb_cred
, krb_error
krb_tgs_response
Type: | event (c: connection , msg: KRB::KDC_Response ) |
---|
A Kerberos 5 Ticket Granting Service (TGS) Response
as defined
in RFC 4120. This message returns a Service Ticket to the client,
which is encrypted with the service’s long-term key, and which the
client can use to authenticate to that service.
See Wikipedia for more information about the Kerberos protocol.
C: | The connection over which this Kerberos message was sent. |
---|---|
Msg: | A Kerberos KDC reply message data structure. |
See also: krb_as_request
, krb_as_response
, krb_tgs_request
, krb_ap_request
, krb_ap_response
, krb_priv
, krb_safe
, krb_cred
, krb_error