From owner-freebsd-security  Sun Sep 10 05:17:32 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id FAA20064
          for security-outgoing; Sun, 10 Sep 1995 05:17:32 -0700
Received: from sivka.carrier.kiev.ua (root@sivka.carrier.kiev.ua [193.125.68.130])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id FAA20058
          for <security@freebsd.org>; Sun, 10 Sep 1995 05:17:26 -0700
Received: from elvisti.kiev.ua (uucp@localhost) by sivka.carrier.kiev.ua (Sendmail 8.who.cares/5)
           with UUCP id PAA09904 for security@freebsd.org; Sun, 10 Sep 1995 15:18:31 +0300
Received: from office.elvisti.kiev.ua (office.elvisti.kiev.ua [193.125.28.33]) by spider2.elvisti.kiev.ua (8.6.12/8.6.9) with ESMTP id OAA01367 for <security@freebsd.org>; Sun, 10 Sep 1995 14:16:23 +0300
Received: (from stesin@localhost) by office.elvisti.kiev.ua (8.6.12/8.6.9) id OAA03773; Sun, 10 Sep 1995 14:16:22 +0300
From: "Andrew V. Stesin" <stesin@elvisti.kiev.ua>
Message-Id: <199509101116.OAA03773@office.elvisti.kiev.ua>
Subject: Re: Do we *really* need logger(1)?
To: pst@shockwave.com (Paul Traina)
Date: Sun, 10 Sep 1995 14:16:22 +0300 (EET DST)
Cc: security@freebsd.org
In-Reply-To: <199509081538.IAA02968@precipice.shockwave.com> from "Paul Traina" at Sep 8, 95 08:38:10 am
X-Mailer: ELM [version 2.4 PL24alpha5]
Content-Type: text
Content-Length: 1133      
Sender: security-owner@freebsd.org
Precedence: bulk

Dear Paul,

#   Comments?
#   
# no, no, No, NO.....NO!!!!!!!!!
# 
# Don't duplicate effort with half-assed schemes that make local assumptions.
# 
# Don't confuse authentication with authorization.
        ^^^^^^^
        	intermix, better to say?

# There are already kerberos patches available for syslogd to do the
# right thing.

	Agreed, 100 hundred times agreed. This is The Best Solution (tm)
	because of many issues, like interoperability, design, etc...
	But: where is FreeBSD Kerberos port for us to use, for example,
	in Europe?

	The second. Does the kerberized version of syslog support
	any kind of fault-tolerant message delivery? (I don't know much
	about Kerberos stuff :( )

	And we need a facility to do cross-host
	logging _today_, and for sensitive information, too.
	Please, I'll be very grateful if someone will give me a
	pointer to some ready-to-use solution. My own desire to
	rewrite syslogd+syslog() (means: to invent another incompatible
	bicycle with square wheels :)   from scratch is not too strong.

-- 

	With best regards -- Andrew Stesin.

	+380 (44) 2760188	+380 (44) 2713457	+380 (44) 2713560