Date: Fri, 20 Apr 2007 09:01:57 +0300 From: Diomidis Spinellis <dds@aueb.gr> To: Poul-Henning Kamp <phk@phk.freebsd.dk> Cc: arch@FreeBSD.org, Robert Watson <rwatson@FreeBSD.org>, re@FreeBSD.org Subject: Re: Accounting changes Message-ID: <46285755.3010208@aueb.gr> In-Reply-To: <48538.1177047751@critter.freebsd.dk> References: <48538.1177047751@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Poul-Henning Kamp wrote: > In message <4627DD51.9020003@aueb.gr>, Diomidis Spinellis writes: >> Poul-Henning Kamp wrote: >>> In message <20070419212253.L2913@fledge.watson.org>, Robert Watson writes: >>> >>>>> __dev_t ac_tty; /* controlling tty */ >>> This field is useless, nobody uses hardwired RS-232 terminals >>> anymore. >>> >>> What we should do is add a systemcall or sysctl, so session creators >>> like getty, sshd and similar can install a session indentifying string >>> on the session, and then dump that in the accounting. >>> >>> sshd would log IP+port and possibly also credential used for auth. >>> >> Isn't this purpose mostly served by joining the accounting record with >> wtmp on the ll_line field to obtain the IP address from the ll_host field? > > The IP number alone is not a "session identifier", you want the ID > of the credential that gave access as well. Agreed. But, still, the credential identifier should be part of wtmp and not burden every accounting record. There is also the problem of processes running without a controlling terminal, like non-interactive ssh commands, crontab jobs, and so on. Let's try to solve this in a next version of the accounting record, which should be a lot easier to implement, once we get this one right.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46285755.3010208>