git.ipfire.org Git - thirdparty/samba.git/commitdiff
WHATSNEW: auth info audit logging
author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Wed, 8 Oct 2025 01:28:29 +0000 (14:28 +1300)
committer Jennifer Sutton <jsutton@samba.org>
Fri, 10 Oct 2025 01:27:31 +0000 (01:27 +0000)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
WHATSNEW.txt

index 968ebd08de22524ede9e841ad0ad6a97ed3aede8..5447e383b27fce125144286340a4578ca49e0d07 100644 (file)
@@ -16,6 +16,23 @@ UPGRADING
 NEW FEATURES/CHANGES
 ====================
 
+Authentication information audit support
+----------------------------------------
+
+There are some Active Directory attributes that are not secret, but
+are relied on in some forms of authentication. Changes to these
+attributes could indicate surreptitious activity. The
+"dsdb_password_audit" and "dsdb_password_json_audit" debug classes now
+log changes to the following attributes:
+
+ * altSecurityIdentities
+ * dNSHostName
+ * msDS-AdditionalDnsHostName
+ * msDS-KeyCredentialLink
+ * servicePrincipalName
+
+For the JSON logs, changes to these will be logged with the "action"
+field set to "Auth info change".
 
 REMOVED FEATURES
 ================
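
Review bot: The closing paragraph ("For the JSON logs, changes to these will be logged with the "action" field set to "Auth info change".") documents only the "dsdb_password_json_audit" side; nothing says how an entry for these attributes is marked in the plain "dsdb_password_audit" class, or which log level either class needs before it emits them. Suggest adding a sentence covering each, so an administrator can enable and recognise the new entries from WHATSNEW alone. It would also help to state whether the log records the changed values or only the fact of a change, since for attributes such as msDS-KeyCredentialLink and servicePrincipalName that determines how useful the entry is for triage. Minor style point: the new section leaves a single blank line before "REMOVED FEATURES", where the empty section previously had two between the underline and that heading.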