I am using Solaris 2.5 on a Sparc-5, and I have the BSM audit turned on.
The audit function works as the document says until I find the
Telnet sessions that went in through kerberos telnetd were not audited,
but telnet through Solaris telnetd is audited. Run su from a kerberos
telnet shell, the commands issued in the subsequent shell forked out
from su get auditing.
I assume that kerberos did not set the audit user id, "setauid()" that
results this problem. I changed the login.krb5 login program of kerberos
and patched it to call setauid() to set the audit user id to login user
id before set the real user id. Yet login session through kerberos
telnet still not audited.
Anyone can enlight me on this?