Rainer Gerhards wrote:
I think for syslogd it is sufficient to use one global list of trusted certificates/fingerprints.
Yes, but how to configure the "permitted sender" ACLs (those systems that are permitted to send messages to the syslogd)?
I was not going to support a separate host ACL. I do not think there are enough use cases where one has a list of permitted hosts, but cannot use a directory of permitted certificates. One just copies the certificate or fingerprint instead of adding an IP/hostname to a permitted-list.
Besides there is still hosts_access(3). It is easy enough to configure an IP- or hostname-based ACL in /etc/hosts.allow.
-- Martin