Date:      Fri, 20 Apr 2007 09:01:57 +0300
From:      Diomidis Spinellis <dds@aueb.gr>
To:        Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc:        arch@FreeBSD.org, Robert Watson <rwatson@FreeBSD.org>, re@FreeBSD.org
Subject:   Re: Accounting changes
Message-ID:  <46285755.3010208@aueb.gr>
In-Reply-To: <48538.1177047751@critter.freebsd.dk>
References:  <48538.1177047751@critter.freebsd.dk>

Poul-Henning Kamp wrote:
> In message <4627DD51.9020003@aueb.gr>, Diomidis Spinellis writes:
>> Poul-Henning Kamp wrote:
>>> In message <20070419212253.L2913@fledge.watson.org>, Robert Watson writes:
>>>
>>>>> 	__dev_t   ac_tty;		/* controlling tty */
>>> This field is useless, nobody uses hardwired RS-232 terminals
>>> anymore.
>>>
>>> What we should do is add a system call or sysctl, so session creators
>>> like getty, sshd and similar can install a session identifying string
>>> on the session, and then dump that in the accounting.
>>>
>>> sshd would log IP+port and possibly also credential used for auth.
>>>
>> Isn't this purpose mostly served by joining the accounting record with 
>> wtmp on the ll_line field to obtain the IP address from the ll_host field?
> 
> The IP number alone is not a "session identifier", you want the ID
> of the credential that gave access as well.

Agreed.  But, still, the credential identifier should be part of wtmp 
and not burden every accounting record.  There is also the problem of 
processes running without a controlling terminal, like non-interactive 
ssh commands, crontab jobs, and so on.  Let's try to solve this in a 
next version of the accounting record, which should be a lot easier to 
implement, once we get this one right.
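
The join discussed in this message, as an added example that is not part of the original e-mail or of FreeBSD's code: accounting records are matched to wtmp-style login sessions on the terminal line and the login interval to recover the remote host. The record layouts, field names and all sample values are assumptions constructed for illustration; processes with no controlling terminal come back unattributed.

```python
from typing import NamedTuple, Optional

class Login(NamedTuple):       # simplified wtmp-style session (hypothetical layout)
    line: str                  # terminal line the session ran on
    host: str                  # remote host recorded at login
    start: int                 # login time, epoch seconds
    end: Optional[int]         # logout time, None while still logged in

class Acct(NamedTuple):        # simplified accounting record (hypothetical layout)
    comm: str                  # command name
    tty: Optional[str]         # controlling terminal, None if there is none
    btime: int                 # process start time, epoch seconds

# Constructed sample data (documentation address ranges).
LOGINS = [
    Login("ttyp0", "192.0.2.10", 1000, 2000),
    Login("ttyp0", "198.51.100.7", 2500, None),   # same line reused by a later session
    Login("ttyp1", "203.0.113.5", 1200, 1800),
]
ACCT = [
    Acct("ls", "ttyp0", 1500),
    Acct("vi", "ttyp0", 2600),
    Acct("make", "ttyp1", 1900),     # started after the ttyp1 session ended
    Acct("cron-job", None, 1500),    # crontab job, no controlling terminal
    Acct("ssh-cmd", None, 2600),     # non-interactive ssh command
]

def host_for(rec, logins):
    """Return the host of the login session that covers rec, or None."""
    if rec.tty is None:
        return None                  # nothing to join on
    for s in logins:
        same_line = s.line == rec.tty
        in_session = s.start <= rec.btime and (s.end is None or rec.btime < s.end)
        if same_line and in_session:
            return s.host
    return None

def attribute(acct, logins):
    """Map each command name to the remote host it can be attributed to."""
    return {r.comm: host_for(r, logins) for r in acct}

if __name__ == "__main__":
    for comm, host in attribute(ACCT, LOGINS).items():
        print(f"{comm:10} {host or 'unattributed'}")
```

Matching on the line alone would credit `vi` to the first `ttyp0` session, so the interval check is what keeps a reused line from being attributed to the wrong host.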


