From: Tomek Mrugalski Date: Wed, 5 May 2021 14:07:29 +0000 (+0200) Subject: [#1590] Doc updated X-Git-Tag: Kea-1.9.8~144 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d68d2a93cf5bfe03dabdb648c3215cd92930a212;p=thirdparty%2Fkea.git [#1590] Doc updated --- diff --git a/doc/sphinx/arm/logging.rst b/doc/sphinx/arm/logging.rst index 5b4dafe8a1..7d17986a87 100644 --- a/doc/sphinx/arm/logging.rst +++ b/doc/sphinx/arm/logging.rst @@ -140,6 +140,11 @@ libraries), or hooks libraries (open source or premium). | | | inherit the settings | | | | from this logger. | +----------------------------------+------------------------+--------------------------------+ + | ``kea-ctrl-agent.auth`` | core | A logger which covers | + | | | access control details, such as| + | | | a result of the basic HTTP | + | | | authentication. | + +----------------------------------+------------------------+--------------------------------+ | ``kea-ctrl-agent.http`` | core | A logger which | | | | outputs log messages | | | | related to receiving, | diff --git a/doc/sphinx/arm/security.rst b/doc/sphinx/arm/security.rst index d46fe2b060..d6e11e3a0c 100644 --- a/doc/sphinx/arm/security.rst +++ b/doc/sphinx/arm/security.rst 
@@ -301,7 +301,8 @@ Authentication for Kea's REST API Kea 1.9.0 added support for basic HTTP authentication `RFC 7617 `_ to control access for incoming REST commands over HTTP. The credentials (username, password) are stored in a local Kea configuration file on disk. The username is logged with the API command so it -is possible to determine which authenticated user performed each command. Basic HTTP +is possible to determine which authenticated user performed each command. The access control details +are logged using a dedicated ``auth`` logger. Basic HTTP authentication is weak on its own as there are known dictionary attacks, but those attacks require man-in-the-middle to get access to the HTTP traffic. That can be eliminated by using basic HTTP authentication exclusively over TLS. In fact, if possible, using client certificates for TLS is better than
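Review bot: In the new ``kea-ctrl-agent.auth`` row of doc/sphinx/arm/logging.rst, the line "access control details, such as|" runs right up to the column border, while the neighbouring rows keep padding before the closing "|"; rewrap the cell so every line keeps that space and the grid table stays consistent. The wording "a result of the basic HTTP authentication" would read better as "the result of basic HTTP authentication". The description would also be more useful to operators if it stated whether both accepted and rejected authentication attempts are reported through this logger.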
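Review bot: The sentence added in doc/sphinx/arm/security.rst names the logger only as "a dedicated ``auth`` logger", whereas the logging.rst table in this same commit lists it as ``kea-ctrl-agent.auth``; use the full name here, or cross-reference the logging section, so a reader can copy it into a logger configuration without guessing the prefix. "The access control details" is also vague for a security chapter: say what is recorded, in particular whether failed authentication attempts are logged, since that is what someone auditing API access will look for. As a style point, the first added line is noticeably longer than the wrapped lines around it and should be rewrapped.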