Re: Relation between RFC931/RFC1413 and CLF (Common Log Format)?

From: Klaus Johannes Rusch (KlausRusch@atmedia.net)
Date: 05/22/02


Date: Wed, 22 May 2002 08:57:11 +0000
From: Klaus Johannes Rusch <KlausRusch@atmedia.net>
To: Marcel Runte <marcel.runte@web.de>

Marcel Runte wrote:
>
> Hello,
> in connection to my work on web statictics and web server (Domino R5)
> logs, I found a hint in the description of the
> CLF(http://www.w3.org/Deamon/User/Config/Logging.html) to RFC931
> (announced in CLF's description as 'the remote logname of the user')
> and there a hint to the newer RFC1413 (a.k.a. "ident").
>
> Is there a relationship between these two (three) documents?

There is a relationship between these documents indeed:

<URL:http://www.w3.org/Daemon/User/Config/Logging.html> defines two
userid fields, the client identity as per RFC931, and the authenticated
user.

The first value is determined by querying an identd server, most web
servers are configured to not use identd becaues the information is
highly unreliable, and slows down the response to the client.

The second value is determined by the authentication method used, if
any, for example with Basic Authentication this value is the specified
userid.

RFC1413 obsoletes RFC931.

> And if the anwser is YES:
> Is my conclusion right, that this field rfc931 can content more than
> one value as written in RFC931? Or is the RFC931 format description
> represented by 'rfc931 + authuser' in the CLF?

The identity as per RFC931/RFC1431 is a separate field, and is not
related to the authenticated userid.

For a more detailled description of the Common Log Format, see for
example the Apache 2.0 documentation at
<URL:http://httpd.apache.org/docs-2.0/logs.html#common>

-- 
Klaus Johannes Rusch
KlausRusch@atmedia.net
http://www.atmedia.net/KlausRusch/