Yikes! This post is over a year old!
If you think it deserves a rewrite please get in touch or leave a comment.
— Thanks, Ash.
The below command will parse a series of historic apache2 log files and present back a list of unique, fully-qualified, alphabetically sorted, Kerberos usernames that logged in using Basic HTTP authentication. It’s assumed that you have the krb5
module installed for Apache.
zcat error.log*gz | grep '$DATE' | grep 'kerb_authenticate_user_krb5pwd' | awk '{ print $14 }' | sort -u | sed -E 's/user=//
Results in:
userA@DOMAIN
userB@DOMAIN
userC@DOMAIN
userD@DOMAIN
userE@DOMAIN