help-shishi

Re: shishid: Usage of syslog facilities.


From: Simon Josefsson
Subject: Re: shishid: Usage of syslog facilities.
Date: Thu, 16 Aug 2012 22:58:55 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux)

Mats Erik Andersson <address@hidden> writes:

> Thursday 16 August 2012 at 22:23, Simon Josefsson wrote this:
>> Mats Erik Andersson <address@hidden> writes:
>> 
>> > Anyway, you should provide for LOG_AUTH.
>> >
>> > BSD systems use two different settings as standard,
>> > and they are not using "/var/log/syslog" at all:
>> 
>> Interesting.  The reason I used LOG_AUTHPRIV instead of LOG_AUTH was
>> that my syslog manpage (Ubuntu 12.04) says:
>> 
>>        LOG_AUTH       security/authorization messages (DEPRECATED Use
>>                       LOG_AUTHPRIV instead)
>
> You are somewhat jumping to conclusions here. Taking further advice
> from <sys/syslog.h> on GNU/Linux or BSD will clarify the matter:
>
>
>      { "security", LOG_AUTH }       /* DEPRECATED */
>
> but
>
>      { "auth",     LOG_AUTH }
>      { "authpriv", LOG_AUTHPRIV }
>
> are still recommended. Observe the nomen "security", which is
> better avoided since a rather long time.

Agreed -- but doesn't that just imply that use of the "security" name is
deprecated?  My man page implied LOG_AUTH was deprecated, which seems
different.

I could not find anything about LOG_AUTH being deprecated in the GNU
libc manual or source code.  RFC 5424 describes (informally) both
facilities (by code, 4 and 10).  RFC 3164 contains a note:

        Note 1 - Various operating systems have been found to utilize
           Facilities 4, 10, 13 and 14 for security/authorization,
           audit, and alert messages which seem to be similar.

RFC 5427 describes "auth" as "authorization messages" and "authpriv" as
"security/authorization messages".

MIT's krb5.conf says they use LOG_AUTH per default.

I'm inclined to use LOG_AUTH instead and file a bug report on the man
page to drop the remark about deprecation.

/Simon
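
The distinction discussed in this message, as an added example that is not part of the original post or of Shishi's code: the name "security" is a deprecated alias, while the facilities LOG_AUTH (code 4) and LOG_AUTHPRIV (code 10) are distinct and produce different RFC 5424 PRI values. The helper names (lookup_auth_facility, facility_code, pri_value) and the table are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Facility names a daemon might accept in its configuration (constructed
 * table; the entries mirror the <sys/syslog.h> lines quoted in the thread). */
struct auth_fac { const char *name; int facility; int deprecated; };

static const struct auth_fac auth_facs[] = {
    { "auth",     LOG_AUTH,     0 },
    { "authpriv", LOG_AUTHPRIV, 0 },
    { "security", LOG_AUTH,     1 },  /* deprecated name, same facility as "auth" */
};

/* Hypothetical helper: returns the LOG_* facility for a name, or -1 if unknown.
 * *deprecated is set to 1 when the name, not the facility, is deprecated. */
int lookup_auth_facility(const char *name, int *deprecated)
{
    for (size_t i = 0; i < sizeof auth_facs / sizeof auth_facs[0]; i++) {
        if (strcmp(name, auth_facs[i].name) == 0) {
            *deprecated = auth_facs[i].deprecated;
            return auth_facs[i].facility;
        }
    }
    return -1;
}

/* LOG_* facility constants are already shifted left by 3 bits. */
int facility_code(int facility) { return facility >> 3; }

/* RFC 5424 PRI value: facility code * 8 + severity. */
int pri_value(int facility, int severity)
{
    return facility_code(facility) * 8 + severity;
}

int main(void)
{
    const char *names[] = { "auth", "authpriv", "security", "daemon" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int dep = 0;
        int fac = lookup_auth_facility(names[i], &dep);
        if (fac < 0) { printf("%-8s rejected: not an auth facility\n", names[i]); continue; }
        printf("%-8s code=%2d  <%d> at LOG_NOTICE%s\n", names[i], facility_code(fac),
               pri_value(fac, LOG_NOTICE), dep ? "  (deprecated name)" : "");
    }
    return 0;
}
```

Because the two facilities carry different codes, syslog rules that route authpriv.* to a restricted file will not catch messages sent with LOG_AUTH, and vice versa.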


