base/bif/plugins/Bro_KRB.events.bif.bro

GLOBAL
Namespace:GLOBAL
Source File:/scripts/base/bif/plugins/Bro_KRB.events.bif.bro

Summary

Events

krb_ap_request: event A Kerberos 5 Authentication Header (AP) Request as defined in RFC 4120.
krb_ap_response: event A Kerberos 5 Authentication Header (AP) Response as defined in RFC 4120.
krb_as_request: event A Kerberos 5 Authentication Server (AS) Request as defined in RFC 4120.
krb_as_response: event A Kerberos 5 Authentication Server (AS) Response as defined in RFC 4120.
krb_cred: event A Kerberos 5 Credential Message as defined in RFC 4120.
krb_error: event A Kerberos 5 Error Message as defined in RFC 4120.
krb_priv: event A Kerberos 5 Private Message as defined in RFC 4120.
krb_safe: event A Kerberos 5 Safe Message as defined in RFC 4120.
krb_tgs_request: event A Kerberos 5 Ticket Granting Service (TGS) Request as defined in RFC 4120.
krb_tgs_response: event A Kerberos 5 Ticket Granting Service (TGS) Response as defined in RFC 4120.

Detailed Interface

Events

krb_ap_request
Type:event (c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options)

A Kerberos 5 Authentication Header (AP) Request as defined in RFC 4120. This message contains authentication information that should be part of the first message in an authenticated transaction.

See Wikipedia for more information about the Kerberos protocol.

C:The connection over which this Kerberos message was sent.
Ticket:The Kerberos ticket being used for authentication.
Opts:A Kerberos AP options data structure.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_response, krb_priv, krb_safe, krb_cred, krb_error

krb_ap_response
Type:event (c: connection)

A Kerberos 5 Authentication Header (AP) Response as defined in RFC 4120. This is used if mutual authentication is desired. All of the interesting information in here is encrypted, so the event doesn’t have much useful data, but it’s provided in case it’s important to know that this message was sent.

See Wikipedia for more information about the Kerberos protocol.

C:The connection over which this Kerberos message was sent.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_priv, krb_safe, krb_cred, krb_error

krb_as_request
Type:event (c: connection, msg: KRB::KDC_Request)

A Kerberos 5 Authentication Server (AS) Request as defined in RFC 4120. The AS request contains a username of the client requesting authentication, and returns an AS reply with an encrypted Ticket Granting Ticket (TGT) for that user. The TGT can then be used to request further tickets for other services.

See Wikipedia for more information about the Kerberos protocol.

C:The connection over which this Kerberos message was sent.
Msg:A Kerberos KDC request message data structure.

See also: krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_cred, krb_error

krb_as_response
Type:event (c: connection, msg: KRB::KDC_Response)

A Kerberos 5 Authentication Server (AS) Response as defined in RFC 4120. Following the AS request for a user, an AS reply contains an encrypted Ticket Granting Ticket (TGT) for that user. The TGT can then be used to request further tickets for other services.

See Wikipedia for more information about the Kerberos protocol.

C:The connection over which this Kerberos message was sent.
Msg:A Kerberos KDC reply message data structure.

See also: krb_as_request, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_cred, krb_error

krb_cred
Type:event (c: connection, is_orig: bool, tickets: KRB::Ticket_Vector)

A Kerberos 5 Credential Message as defined in RFC 4120. This is a private (encrypted) message to forward credentials.

See Wikipedia for more information about the Kerberos protocol.

C:The connection over which this Kerberos message was sent.
Is_orig:Whether the originator of the connection sent this message.
Tickets:Tickets obtained from the KDC that are being forwarded.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_error

krb_error
Type:event (c: connection, msg: KRB::Error_Msg)

A Kerberos 5 Error Message as defined in RFC 4120.

See Wikipedia for more information about the Kerberos protocol.

C:The connection over which this Kerberos message was sent.
Msg:A Kerberos error message data structure.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_cred

krb_priv
Type:event (c: connection, is_orig: bool)

A Kerberos 5 Private Message as defined in RFC 4120. This is a private (encrypted) application message, so the event doesn’t have much useful data, but it’s provided in case it’s important to know that this message was sent.

See Wikipedia for more information about the Kerberos protocol.

C:The connection over which this Kerberos message was sent.
Is_orig:Whether the originator of the connection sent this message.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_safe, krb_cred, krb_error

krb_safe
Type:event (c: connection, is_orig: bool, msg: KRB::SAFE_Msg)

A Kerberos 5 Safe Message as defined in RFC 4120. This is a safe (checksummed) application message.

See Wikipedia for more information about the Kerberos protocol.

C:The connection over which this Kerberos message was sent.
Is_orig:Whether the originator of the connection sent this message.
Msg:A Kerberos SAFE message data structure.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_cred, krb_error

krb_tgs_request
Type:event (c: connection, msg: KRB::KDC_Request)

A Kerberos 5 Ticket Granting Service (TGS) Request as defined in RFC 4120. Following the Authentication Server exchange, if successful, the client now has a Ticket Granting Ticket (TGT). To authenticate to a Kerberized service, the client requests a Service Ticket, which will be returned in the TGS reply.

See Wikipedia for more information about the Kerberos protocol.

C:The connection over which this Kerberos message was sent.
Msg:A Kerberos KDC request message data structure.

See also: krb_as_request, krb_as_response, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_cred, krb_error

krb_tgs_response
Type:event (c: connection, msg: KRB::KDC_Response)

A Kerberos 5 Ticket Granting Service (TGS) Response as defined in RFC 4120. This message returns a Service Ticket to the client, which is encrypted with the service’s long-term key, and which the client can use to authenticate to that service.

See Wikipedia for more information about the Kerberos protocol.

C:The connection over which this Kerberos message was sent.
Msg:A Kerberos KDC reply message data structure.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_cred, krb_error


Copyright 2016, The Bro Project. Last updated on December 19, 2018. Created using Sphinx 1.8.2.