Logging within Kerberos
Darren Reed (OSE)
darrenr at optimation.com.au
Thu Jun 5 04:32:05 EDT 2003
Just briefly, looking at logging to syslog, upon first
reading the man page for krb5.conf, it APPEARS that an
administrator is given to believe that if you specify
a syslog directive in that file with the priority,
then all messages come out with the same priority.
Upon looking at lib/kadm5/logger.c, it is apparent that
this is not the case - syslog() gets passed the priority
from the krb5_klog_syslog() without it being overridden.
Or at least that's how I read it. Have I missed something
here? In a gcc style report, it appears to me that
lsu_severity is only ever set and not used :) Thinking
about it, to me it's like the implementation is backward:
you would normally want to do "SYSLOG:DAEMON", only.
Hence a change to make the priority ineffective in that
statement gives the "SYSLOG:DAEMON" result if you specify
"SYSLOG:DEBUG:DAEMON" without changing the file syntax.
Only problem is the man page doesn't reflect the
Well, I hope it is a man-page bug...or is it a logger.c bug?
The only behaviour that I don't want the KDC to do is how
it is described in the man page - force all syslog messages
to come out with the same priority. Anything else, such as
ignoring the priority field in the log statement or using
it for filtering in the application is perfectly fine :)
If someone will clarify the situation, I'll send a bug
report in :-)
More information about the krbdev