base/bif/plugins/Zeek_KRB.events.bif.zeek¶
- GLOBAL¶
- Namespace
GLOBAL
Summary¶
Events¶
A Kerberos 5 |
|
A Kerberos 5 |
|
A Kerberos 5 |
|
A Kerberos 5 |
|
A Kerberos 5 |
|
A Kerberos 5 |
|
A Kerberos 5 |
|
A Kerberos 5 |
|
A Kerberos 5 |
|
A Kerberos 5 |
Detailed Interface¶
Events¶
- krb_ap_request¶
- Type
event
(c:connection
, ticket:KRB::Ticket
, opts:KRB::AP_Options
)
A Kerberos 5
Authentication Header (AP) Request
as defined in RFC 4120. This message contains authentication information that should be part of the first message in an authenticated transaction.See Wikipedia for more information about the Kerberos protocol.
- Parameters
c – The connection over which this Kerberos message was sent.
ticket – The Kerberos ticket being used for authentication.
opts – A Kerberos AP options data structure.
See also:
krb_as_request
,krb_as_response
,krb_tgs_request
,krb_tgs_response
,krb_ap_response
,krb_priv
,krb_safe
,krb_cred
,krb_error
- krb_ap_response¶
- Type
event
(c:connection
)
A Kerberos 5
Authentication Header (AP) Response
as defined in RFC 4120. This is used if mutual authentication is desired. All of the interesting information in here is encrypted, so the event doesn’t have much useful data, but it’s provided in case it’s important to know that this message was sent.See Wikipedia for more information about the Kerberos protocol.
- Parameters
c – The connection over which this Kerberos message was sent.
See also:
krb_as_request
,krb_as_response
,krb_tgs_request
,krb_tgs_response
,krb_ap_request
,krb_priv
,krb_safe
,krb_cred
,krb_error
- krb_as_request¶
- Type
event
(c:connection
, msg:KRB::KDC_Request
)
A Kerberos 5
Authentication Server (AS) Request
as defined in RFC 4120. The AS request contains a username of the client requesting authentication, and returns an AS reply with an encrypted Ticket Granting Ticket (TGT) for that user. The TGT can then be used to request further tickets for other services.See Wikipedia for more information about the Kerberos protocol.
- Parameters
c – The connection over which this Kerberos message was sent.
msg – A Kerberos KDC request message data structure.
See also:
krb_as_response
,krb_tgs_request
,krb_tgs_response
,krb_ap_request
,krb_ap_response
,krb_priv
,krb_safe
,krb_cred
,krb_error
- krb_as_response¶
- Type
event
(c:connection
, msg:KRB::KDC_Response
)
A Kerberos 5
Authentication Server (AS) Response
as defined in RFC 4120. Following the AS request for a user, an AS reply contains an encrypted Ticket Granting Ticket (TGT) for that user. The TGT can then be used to request further tickets for other services.See Wikipedia for more information about the Kerberos protocol.
- Parameters
c – The connection over which this Kerberos message was sent.
msg – A Kerberos KDC reply message data structure.
See also:
krb_as_request
,krb_tgs_request
,krb_tgs_response
,krb_ap_request
,krb_ap_response
,krb_priv
,krb_safe
,krb_cred
,krb_error
- krb_cred¶
- Type
event
(c:connection
, is_orig:bool
, tickets:KRB::Ticket_Vector
)
A Kerberos 5
Credential Message
as defined in RFC 4120. This is a private (encrypted) message to forward credentials.See Wikipedia for more information about the Kerberos protocol.
- Parameters
c – The connection over which this Kerberos message was sent.
is_orig – Whether the originator of the connection sent this message.
tickets – Tickets obtained from the KDC that are being forwarded.
See also:
krb_as_request
,krb_as_response
,krb_tgs_request
,krb_tgs_response
,krb_ap_request
,krb_ap_response
,krb_priv
,krb_safe
,krb_error
- krb_error¶
- Type
event
(c:connection
, msg:KRB::Error_Msg
)
A Kerberos 5
Error Message
as defined in RFC 4120.See Wikipedia for more information about the Kerberos protocol.
- Parameters
c – The connection over which this Kerberos message was sent.
msg – A Kerberos error message data structure.
See also:
krb_as_request
,krb_as_response
,krb_tgs_request
,krb_tgs_response
,krb_ap_request
,krb_ap_response
,krb_priv
,krb_safe
,krb_cred
- krb_priv¶
- Type
event
(c:connection
, is_orig:bool
)
A Kerberos 5
Private Message
as defined in RFC 4120. This is a private (encrypted) application message, so the event doesn’t have much useful data, but it’s provided in case it’s important to know that this message was sent.See Wikipedia for more information about the Kerberos protocol.
- Parameters
c – The connection over which this Kerberos message was sent.
is_orig – Whether the originator of the connection sent this message.
See also:
krb_as_request
,krb_as_response
,krb_tgs_request
,krb_tgs_response
,krb_ap_request
,krb_ap_response
,krb_safe
,krb_cred
,krb_error
- krb_safe¶
- Type
event
(c:connection
, is_orig:bool
, msg:KRB::SAFE_Msg
)
A Kerberos 5
Safe Message
as defined in RFC 4120. This is a safe (checksummed) application message.See Wikipedia for more information about the Kerberos protocol.
- Parameters
c – The connection over which this Kerberos message was sent.
is_orig – Whether the originator of the connection sent this message.
msg – A Kerberos SAFE message data structure.
See also:
krb_as_request
,krb_as_response
,krb_tgs_request
,krb_tgs_response
,krb_ap_request
,krb_ap_response
,krb_priv
,krb_cred
,krb_error
- krb_tgs_request¶
- Type
event
(c:connection
, msg:KRB::KDC_Request
)
A Kerberos 5
Ticket Granting Service (TGS) Request
as defined in RFC 4120. Following the Authentication Server exchange, if successful, the client now has a Ticket Granting Ticket (TGT). To authenticate to a Kerberized service, the client requests a Service Ticket, which will be returned in the TGS reply.See Wikipedia for more information about the Kerberos protocol.
- Parameters
c – The connection over which this Kerberos message was sent.
msg – A Kerberos KDC request message data structure.
See also:
krb_as_request
,krb_as_response
,krb_tgs_response
,krb_ap_request
,krb_ap_response
,krb_priv
,krb_safe
,krb_cred
,krb_error
- krb_tgs_response¶
- Type
event
(c:connection
, msg:KRB::KDC_Response
)
A Kerberos 5
Ticket Granting Service (TGS) Response
as defined in RFC 4120. This message returns a Service Ticket to the client, which is encrypted with the service’s long-term key, and which the client can use to authenticate to that service.See Wikipedia for more information about the Kerberos protocol.
- Parameters
c – The connection over which this Kerberos message was sent.
msg – A Kerberos KDC reply message data structure.
See also:
krb_as_request
,krb_as_response
,krb_tgs_request
,krb_ap_request
,krb_ap_response
,krb_priv
,krb_safe
,krb_cred
,krb_error