From f08d63f55bae91f194295abc994ae058126df80f Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Wed, 8 Oct 2025 14:28:29 +1300 Subject: [PATCH] WHATSNEW: auth info audit logging Signed-off-by: Douglas Bagnall Reviewed-by: Gary Lockyer --- WHATSNEW.txt | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 968ebd08de2..5447e383b27 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -16,6 +16,23 @@ UPGRADING NEW FEATURES/CHANGES ==================== +Authentication information audit support +---------------------------------------- + +There are some Active Directory attributes that are not secret, but +are relied on in some forms of authentication. Changes to these +attributes could indicate surreptitious activity. The +"dsdb_password_audit" and "dsdb_password_json_audit" debug classes now +log changes to the following attributes: + + * altSecurityIdentities + * dNSHostName + * msDS-AdditionalDnsHostName + * msDS-KeyCredentialLink + * servicePrincipalName + +For the JSON logs, changes to these will be logged with the "action" +field set to "Auth info change". REMOVED FEATURES ================ -- 2.47.3
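Review bot: In the added "Authentication information audit support" section, the closing paragraph gives the "action" value only for the JSON logs and does not say how these changes appear under "dsdb_password_audit", or at which log level either debug class emits them. Both classes are named for password auditing and now also carry changes to five non-password attributes, so an administrator reading only this entry cannot tell what to enable or what the plain-text record looks like. Consider adding a sentence on the non-JSON format and the required log level, and a note that existing consumers of "dsdb_password_json_audit" will start seeing a new "action" value, "Auth info change", that their parsers or alert rules may need to handle.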