WHATSNEW: mention KDC auditing

author Andrew Bartlett <abartlet@samba.org>

Thu, 20 Jul 2023 03:48:40 +0000 (15:48 +1200)

committer Andrew Bartlett <abartlet@samba.org>

Fri, 21 Jul 2023 01:25:37 +0000 (01:25 +0000)
author Andrew Bartlett <abartlet@samba.org>
Thu, 20 Jul 2023 03:48:40 +0000 (15:48 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 21 Jul 2023 01:25:37 +0000 (01:25 +0000)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt

index 417a2fa2701cfa7e6c9ba379998c8620cc275fef..4254b0c2aaf16dd3901eb53f4f55a2cb8d20b5ab 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -98,6 +98,16 @@ samba-tool domain schemaupgrade --schema=2019
  samba-tool domain functionalprep --function-level=2016
  samba-tool domain level raise --domain-level=2016 --forest-level=2016
  
+Improved KDC Auditing
+---------------------
+
+As part of the auditing required to allow successful deployment of
+Authentication Policies and Authentication Silos, our KDC now provides
+Samba-style JSON audit logging of all issued Kerberos tickets,
+including if they would fail a policy that is not yet enforced.
+Additionally most failures are audited, (after the initial
+pre-validation of the request).
+
  Kerberos Armoring (FAST) Support for Windows clients
  ----------------------------------------------------
author	Andrew Bartlett <abartlet@samba.org>
	Thu, 20 Jul 2023 03:48:40 +0000 (15:48 +1200)
committer	Andrew Bartlett <abartlet@samba.org>
	Fri, 21 Jul 2023 01:25:37 +0000 (01:25 +0000)