From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 8 Oct 2025 01:28:29 +0000 (+1300)
Subject: WHATSNEW: auth info audit logging
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f08d63f55bae91f194295abc994ae058126df80f;p=thirdparty%2Fsamba.git

WHATSNEW: auth info audit logging

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
---

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 968ebd08de2..5447e383b27 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -16,6 +16,23 @@ UPGRADING
 NEW FEATURES/CHANGES
 ====================
 
+Authentication information audit support
+----------------------------------------
+
+There are some Active Directory attributes that are not secret, but
+are relied on in some forms of authentication. Changes to these
+attributes could indicate surreptitious activity. The
+"dsdb_password_audit" and "dsdb_password_json_audit" debug classes now
+log changes to the following attributes:
+
+ * altSecurityIdentities
+ * dNSHostName
+ * msDS-AdditionalDnsHostName
+ * msDS-KeyCredentialLink
+ * servicePrincipalName
+
+For the JSON logs, changes to these will be logged with the "action"
+field set to "Auth info change".
 
 REMOVED FEATURES
 ================