The audit_remote plugin sends the binary audit trail to an ARS in the same format that the audit_binfile plugin uses when it writes to the local audit files. The audit_remote plugin uses the libgss library to authenticate the ARS, and a GSS-API mechanism to protect the transmission with privacy and integrity. For reference, see How the Kerberos Service Works in Managing Kerberos in Oracle Solaris 11.4.
The only currently supported GSS-API mechanism is kerberosv5. For more information, see the mech(5) man page.
To verify whether a Kerberos realm is configured, issue the following command. The sample output indicates that Kerberos is not installed on the system.
$ pkg info kerberos-5/kdc
pkg: info: no packages matching these patterns are installed on the system.
Before You Begin
This procedure assumes that you are using the audit_remote plugin. Also, you must be assigned the Software Installation rights profile. By default, the root role has this profile.
You can use the system that will serve as the ARS, or you can use a nearby system. The ARS sends a significant amount of authentication traffic to the master KDC.
$ pfexec pkg install pkg://solaris/security/kerberos-5/kdc
On the master KDC, you use the Kerberos kdcmgr and kadmin commands to manage the realm. For more information, see the kdcmgr(8) and kadmind(8) man pages.
$ pfexec pkg install pkg://solaris/security/kerberos-5/kdc
This package includes the kclient command. On these systems, you run the kclient command to connect with the KDC. For more information, see the kclient(8) man page.
If the clock skew between the audited systems and the ARS is too large, the connection attempt fails. After a connection is established, the local time on the ARS determines the names of the stored audit files, as described in Conventions for Binary Audit File Names.
For more information about the clocks, see Ensuring Reliable Time Stamps.
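A preflight check for the two failure conditions described above (missing KDC package, excessive clock skew), written as an added example that is not part of the Oracle documentation. The function names are hypothetical, the 300-second limit is an assumption based on the usual Kerberos clockskew default, and the epoch values in the demo are constructed; how you obtain the ARS time is left to the caller.

```shell
#!/bin/sh
# Added example: preflight checks before pointing audit_remote at an ARS.
# Assumption: MAX_SKEW defaults to 300 s (the usual Kerberos clockskew
# default); the krb5.conf at your site may set a different value.
MAX_SKEW=${MAX_SKEW:-300}

# Succeeds when the KDC package named on this page is installed.
# Uses only the exit status of `pkg info`, not its message text.
kdc_pkg_installed() {
    pkg info kerberos-5/kdc >/dev/null 2>&1
}

# skew_seconds LOCAL_EPOCH ARS_EPOCH: prints the absolute difference.
skew_seconds() {
    d=$(( $1 - $2 ))
    if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
    printf '%s\n' "$d"
}

# skew_ok LOCAL_EPOCH ARS_EPOCH: succeeds when the skew is within MAX_SKEW.
skew_ok() {
    [ "$(skew_seconds "$1" "$2")" -le "$MAX_SKEW" ]
}

# preflight LOCAL_EPOCH ARS_EPOCH: prints one line per problem found and
# returns the number of problems (0 means ready to run kclient).
preflight() {
    problems=0
    if ! kdc_pkg_installed; then
        echo "kerberos-5/kdc package is not installed"
        problems=$(( problems + 1 ))
    fi
    if ! skew_ok "$1" "$2"; then
        echo "clock skew $(skew_seconds "$1" "$2")s exceeds ${MAX_SKEW}s"
        problems=$(( problems + 1 ))
    fi
    return "$problems"
}

# Demo with constructed epoch values: the ARS clock is 400 s ahead.
if [ "${1:-}" = "--demo" ]; then
    preflight 1700000000 1700000400 || echo "problems found: $?"
fi
```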