26

What's the difference between authpriv and auth in syslog configuration?

It wasn't mentioned in syslog.conf, only tells me that such facility exists.

daisy
  • 53,527
  • 78
  • 236
  • 383

2 Answers2

21

authpriv – non-system authorization messages

auth-authentication and authorization related commands

earlier LOG_AUTHPRIV is for hiding sensitive log messages inside a protected file, e.g., /var/log/auth.log. whereas LOG_AUTH on Linux is not configured with restricted access normally,whereas LOG_AUTHPRIV is. LOG_AUTH instead of using something generic like LOG_USER.

It is recommended to use LOG_AUTHPRIV for auth logs that have a substantial risk of recording someone's password

The GNU C Library manual doesn't document LOG_AUTHPRIV at all and just has LOG_AUTH, so the Linux manpages aren't getting it from there.

now from man syslog i got LOG_AUTH security/authorization messages (DEPRECATED Use LOG_AUTHPRIV instead)

but most of the code i have seen has something like 

 #ifndef LOG_AUTHPRIV
 #define LOG_AUTHPRIV LOG_AUTH
 #endif`

so it is upto you to decide which one to use

harish.venkat
  • 7,313
  • 2
  • 25
  • 30
3

authpriv is a separate bucket for routing authorization messages to a log file that has more restricted permissions that those of auth. Different OS's will send different messages to auth vs. authpriv.

Kannan Mohan
  • 3,191
  • 2
  • 17
  • 16