WHATSNEW: Add entry for auth audit

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 29 06:35:12 CEST 2017 on sn-devel-144

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index cda61ef720b627a0efd59c629278239f3e1542e1..4216c4f27590547886aaccf1c7b346ecd9ddbd89 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -22,13 +22,31 @@ obey client requests to synchronize unwritten data in operating
 system buffers safely onto disk. This is a safer default setting
 for modern SMB1/2/3 clients.
 
+Authentication and Authorization audit support
+----------------------------------------------
+
+Detailed authentication and authorization audit information is now
+logged to Samba's debug logs under the "auth_audit" debug class,
+including in particular the client IP address triggering the audit
+line.  Additionally, if Samba is compiled against the jansson JSON
+library, a JSON representation is logged under the "auth_json_audit"
+debug class.
+
+Audit support is comprehensive for all authentication and
+authorisation of user accounts in the Samba Active Directory Domain
+Controller, as well as the implicit authentication in password
+changes.  In the file server and classic/NT4 domain controller, NTLM
+authentication, SMB and RPC authorization is covered, however password
+changes are not at this stage, and this support is not currently
+backed by a testsuite.
+
 smb.conf changes
 ================
 
   Parameter Name                Description             Default
   --------------                -----------             -------
   strict sync                  Default changed         yes
-
+  auth event notification       New parameter           no
 
 KNOWN ISSUES
 ============