I am running Solaris 2.5 on a sparc-5.
I find the following problem when I run MIT kerberos telnetd and Solaris
BSM audit, the basic security module.
The auditd does not log info of any event of remote sessions connected
through the kerberos telnetd. At the same time, auditd works fine in
logging events of local login sessions and remote connection through
rlogind. If inside a remote login session through the kerberos telnetd,
I run su to root, then all events initiated from the root shell were
Change the telnetd back to the default Solarsi version correct the
I was wondering where does the auditd get execution event information, I
guess it shuold come from the Solaris kernel, this should not be related
to a user level application like telnetd, am I right?
Any help is appreciated.