Re: Relation between RFC931/RFC1413 and CLF (Common Log Format)?

From: Klaus Johannes Rusch (KlausRusch@atmedia.net)
Date: 05/22/02


Date: Wed, 22 May 2002 08:57:11 +0000
From: Klaus Johannes Rusch <KlausRusch@atmedia.net>
To: Marcel Runte <marcel.runte@web.de>

Marcel Runte wrote:
>
> Hello,
> in connection to my work on web statictics and web server (Domino R5)
> logs, I found a hint in the description of the
> CLF(http://www.w3.org/Deamon/User/Config/Logging.html) to RFC931
> (announced in CLF's description as 'the remote logname of the user')
> and there a hint to the newer RFC1413 (a.k.a. "ident").
>
> Is there a relationship between these two (three) documents?

There is a relationship between these documents indeed:

<URL:http://www.w3.org/Daemon/User/Config/Logging.html> defines two
userid fields, the client identity as per RFC931, and the authenticated
user.

The first value is determined by querying an identd server, most web
servers are configured to not use identd becaues the information is
highly unreliable, and slows down the response to the client.

The second value is determined by the authentication method used, if
any, for example with Basic Authentication this value is the specified
userid.

RFC1413 obsoletes RFC931.

> And if the anwser is YES:
> Is my conclusion right, that this field rfc931 can content more than
> one value as written in RFC931? Or is the RFC931 format description
> represented by 'rfc931 + authuser' in the CLF?

The identity as per RFC931/RFC1431 is a separate field, and is not
related to the authenticated userid.

For a more detailled description of the Common Log Format, see for
example the Apache 2.0 documentation at
<URL:http://httpd.apache.org/docs-2.0/logs.html#common>

-- 
Klaus Johannes Rusch
KlausRusch@atmedia.net
http://www.atmedia.net/KlausRusch/



Relevant Pages

  • Re: AD Security Groups break Authentication
    ... I don't have remote access to the DC but will request a copy of the logs. ... The Security System detected an attempted downgrade attack for server cifs/xxx.xxx.xxx. ... The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. ... The Security System could not establish a secured connection with the server cifs/xxx.xxx.xxx. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Troubles with Machine Authentication with EAP-TLS
    ... Set the DNS suffix on the laptop and tried again but had no luck. ... Here is what I am getting in the IAS server log: ... >> On the client I have Network Authentication set to WPA and Data ... In the RADIUS logs I ...
    (microsoft.public.internet.radius)
  • Help .. Small Business Server Error may be DNS ?
    ... In the error logs the domain server is failing kerberous authentication.. ...
    (microsoft.public.windows.server.sbs)
  • Re: sendmail problem
    ... Do not reply to list mails ... > Each of the following recipients was rejected by a remote mail server. ... > Bad authentication response from server. ... Sendmail logs by using syslogd to /var/log/maillog. ...
    (Fedora)
  • Re: Relation between RFC931/RFC1413 and CLF (Common Log Format)?
    ... > in connection to my work on web statictics and web server ... > logs, I found a hint in the description of the ... userid fields, the client identity as per RFC931, and the authenticated ... for example with Basic Authentication this value is the specified ...
    (comp.security.misc)