The new Heimdal update appears to have broken PKINIT auditing (note that this did not have a good test framework, so this was not a supprise). make test TESTS=samba4.blackbox.pkinit shows hdb_samba4_audit: Unhandled hdb_auth_status=9 => INTERNAL_ERROR
Cases to handle KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY and KDC_AUTH_EVENT_PREAUTH_SUCCEEDED were removed in: commit 791be84c3eecb95e03611458e2305bae272ba267 Author: Stefan Metzmacher <metze@samba.org> Date: Wed Mar 2 10:10:08 2022 +1300 s4:kdc: hdb_samba4_audit() is only called once per request So I guess those cases just need to be put back.
This bug was referenced in samba master: b01388da8a72c11c46bb27e773b354520bc6ac88 5294dc80090482d5669126802672eb2c89e269cf
Created attachment 17223 [details] HDB audit patch backport to 4.16
Pushed to autobuild-v4-16-test.
This bug was referenced in samba v4-16-test: 507ececf03d8644b93a9ea953f6ab1c4aefb8e47 41054b612311e624fa6a673808118fc319e758d8
Closing out bug report. Thanks!
This bug was referenced in samba v4-16-stable (Release samba-4.16.0): 507ececf03d8644b93a9ea953f6ab1c4aefb8e47 41054b612311e624fa6a673808118fc319e758d8