base/bif/plugins/Bro_KRB.events.bif.bro¶

GLOBAL¶

Namespace:	GLOBAL
Source File:	`/scripts/base/bif/plugins/Bro_KRB.events.bif.bro`

Summary¶

Events¶

`krb_ap_request`: `event`	A Kerberos 5 `Authentication Header (AP) Request` as defined in RFC 4120.
`krb_ap_response`: `event`	A Kerberos 5 `Authentication Header (AP) Response` as defined in RFC 4120.
`krb_as_request`: `event`	A Kerberos 5 `Authentication Server (AS) Request` as defined in RFC 4120.
`krb_as_response`: `event`	A Kerberos 5 `Authentication Server (AS) Response` as defined in RFC 4120.
`krb_cred`: `event`	A Kerberos 5 `Credential Message` as defined in RFC 4120.
`krb_error`: `event`	A Kerberos 5 `Error Message` as defined in RFC 4120.
`krb_priv`: `event`	A Kerberos 5 `Private Message` as defined in RFC 4120.
`krb_safe`: `event`	A Kerberos 5 `Safe Message` as defined in RFC 4120.
`krb_tgs_request`: `event`	A Kerberos 5 `Ticket Granting Service (TGS) Request` as defined in RFC 4120.
`krb_tgs_response`: `event`	A Kerberos 5 `Ticket Granting Service (TGS) Response` as defined in RFC 4120.

Detailed Interface¶

Events¶

krb_ap_request¶

Type:	`event` (c: `connection`, ticket: `KRB::Ticket`, opts: `KRB::AP_Options`)

A Kerberos 5 Authentication Header (AP) Request as defined in RFC 4120. This message contains authentication information that should be part of the first message in an authenticated transaction.

See Wikipedia for more information about the Kerberos protocol.

C:	The connection over which this Kerberos message was sent.
Ticket:	The Kerberos ticket being used for authentication.
Opts:	A Kerberos AP options data structure.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_response, krb_priv, krb_safe, krb_cred, krb_error

krb_ap_response¶

Type:	`event` (c: `connection`)

A Kerberos 5 Authentication Header (AP) Response as defined in RFC 4120. This is used if mutual authentication is desired. All of the interesting information in here is encrypted, so the event doesn’t have much useful data, but it’s provided in case it’s important to know that this message was sent.

See Wikipedia for more information about the Kerberos protocol.

C:	The connection over which this Kerberos message was sent.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_priv, krb_safe, krb_cred, krb_error

krb_as_request¶

Type:	`event` (c: `connection`, msg: `KRB::KDC_Request`)

A Kerberos 5 Authentication Server (AS) Request as defined in RFC 4120. The AS request contains a username of the client requesting authentication, and returns an AS reply with an encrypted Ticket Granting Ticket (TGT) for that user. The TGT can then be used to request further tickets for other services.

See Wikipedia for more information about the Kerberos protocol.

C:	The connection over which this Kerberos message was sent.
Msg:	A Kerberos KDC request message data structure.

See also: krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_cred, krb_error

krb_as_response¶

Type:	`event` (c: `connection`, msg: `KRB::KDC_Response`)

A Kerberos 5 Authentication Server (AS) Response as defined in RFC 4120. Following the AS request for a user, an AS reply contains an encrypted Ticket Granting Ticket (TGT) for that user. The TGT can then be used to request further tickets for other services.

See Wikipedia for more information about the Kerberos protocol.

C:	The connection over which this Kerberos message was sent.
Msg:	A Kerberos KDC reply message data structure.

See also: krb_as_request, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_cred, krb_error

krb_cred¶

Type:	`event` (c: `connection`, is_orig: `bool`, tickets: `KRB::Ticket_Vector`)

A Kerberos 5 Credential Message as defined in RFC 4120. This is a private (encrypted) message to forward credentials.

See Wikipedia for more information about the Kerberos protocol.

C:	The connection over which this Kerberos message was sent.
Is_orig:	Whether the originator of the connection sent this message.
Tickets:	Tickets obtained from the KDC that are being forwarded.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_error

krb_error¶

Type:	`event` (c: `connection`, msg: `KRB::Error_Msg`)

A Kerberos 5 Error Message as defined in RFC 4120.

See Wikipedia for more information about the Kerberos protocol.

C:	The connection over which this Kerberos message was sent.
Msg:	A Kerberos error message data structure.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_cred

krb_priv¶

Type:	`event` (c: `connection`, is_orig: `bool`)

A Kerberos 5 Private Message as defined in RFC 4120. This is a private (encrypted) application message, so the event doesn’t have much useful data, but it’s provided in case it’s important to know that this message was sent.

See Wikipedia for more information about the Kerberos protocol.

C:	The connection over which this Kerberos message was sent.
Is_orig:	Whether the originator of the connection sent this message.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_safe, krb_cred, krb_error

krb_safe¶

Type:	`event` (c: `connection`, is_orig: `bool`, msg: `KRB::SAFE_Msg`)

A Kerberos 5 Safe Message as defined in RFC 4120. This is a safe (checksummed) application message.

See Wikipedia for more information about the Kerberos protocol.

C:	The connection over which this Kerberos message was sent.
Is_orig:	Whether the originator of the connection sent this message.
Msg:	A Kerberos SAFE message data structure.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_cred, krb_error

krb_tgs_request¶

Type:	`event` (c: `connection`, msg: `KRB::KDC_Request`)

A Kerberos 5 Ticket Granting Service (TGS) Request as defined in RFC 4120. Following the Authentication Server exchange, if successful, the client now has a Ticket Granting Ticket (TGT). To authenticate to a Kerberized service, the client requests a Service Ticket, which will be returned in the TGS reply.

See Wikipedia for more information about the Kerberos protocol.

C:	The connection over which this Kerberos message was sent.
Msg:	A Kerberos KDC request message data structure.

See also: krb_as_request, krb_as_response, krb_tgs_response, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_cred, krb_error

krb_tgs_response¶

Type:	`event` (c: `connection`, msg: `KRB::KDC_Response`)

A Kerberos 5 Ticket Granting Service (TGS) Response as defined in RFC 4120. This message returns a Service Ticket to the client, which is encrypted with the service’s long-term key, and which the client can use to authenticate to that service.

See Wikipedia for more information about the Kerberos protocol.

C:	The connection over which this Kerberos message was sent.
Msg:	A Kerberos KDC reply message data structure.

See also: krb_as_request, krb_as_response, krb_tgs_request, krb_ap_request, krb_ap_response, krb_priv, krb_safe, krb_cred, krb_error

Copyright 2016, The Bro Project. Last updated on December 19, 2018. Created using Sphinx 1.8.2.