Re: shishid: Usage of syslog facilities.

[Russ Allbery]

Simon Josefsson <address@hidden> writes:

> I don't think shishid would ever syslog any passwords.  So maybe we
> should use LOG_AUTH instead, then?  I wonder why LOG_AUTH was marked
> deprecated in my man page...

I don't know why the Linux manpages project marks LOG_AUTH in general as
deprecated.  I know that LOG_AUTH on Linux is not configured with
restricted access normally, whereas LOG_AUTHPRIV is, but I would still
tend to log authentication subsystems (that don't require special
permissions) to LOG_AUTH instead of using something generic like LOG_USER.
Although I suppose from the perspective of the local system the KDC is
just another user process, not part of the authentication infrastructure
for that particular system.

The GNU C Library manual doesn't document LOG_AUTHPRIV at all and just has
LOG_AUTH, so the Linux manpages aren't getting it from there.

POSIX itself only standardizes LOG_USER and the LOG_LOCALn priorities and
says nothing about any of the other possibilities.

-- 
Russ Allbery (address@hidden)             <http://www.eyrie.org/~eagle/>