Hi all, I was wondering that in order to debug kerberos issues on a production machine, would it be a good idea to enable trace logging via KRB5_TRACE, for a small amount of time ?
I have experimented with kerberos trace logging in a test environment with commands like kinit, kadmin, and other programmatic calls to GSSAPI and never came across passwords or anything sensitive printed in the trace log. It mainly showed me what TGT requests were being made and who was the library sending requests to ( which is mainly what I wanted to know for debugging purposes). But I wanted to know if it could potentially print something sensitive that could lead to an account compromise or something comparable. Thanks, Pratyush ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
