Project

General

Profile

Actions
Copy link

Bug #7530

open

Kerberos: sname/cname code and suricata documentation both wrong

Added by campbell robertson 23 days ago. Updated 22 days ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:
Beginner

Description

In the suricata documentation the cname and sname are described as client and server name. https://docs.suricata.io/en/latest/rules/kerberos-keywords.html
But the suricata code in github, describe the krb5_cname and krb5_sname as their respective principal name:

These were contradicting, so we did a test and it looks like the the krb5_cname is the client service principal and the sname is the destination server, so it appears that both the docs and the code documentation is wrong.

Files

Screenshot 2025-01-30 at 1.47.18 PM.png (52.5 KB) Screenshot 2025-01-30 at 1.47.18 PM.png campbell robertson, 01/30/2025 07:47 PM
Actions
Copy link
 #1

Updated by Victor Julien 22 days ago

@Pierre Chifflier can you have a look?

Actions
Copy link

Also available in: Atom PDF