Clean up logging of security information a bit:

o Introduce /var/log/authentication.log, which will be the target for
  auth.info and authpriv.info by default.  Rotate on the same schedule
  as most other logs.  Create at installation.

o Remove logging of auth.info from /var/log/security.log, which will
  return to being only for security feature subsystems (such as ipfw,
  and so on).

This creates a special authentication log, which can now be searched
by scripts for authentication events.

etc/Makefile

@@ -130,6 +130,8 @@ distribution:
 	    ${DESTDIR}/etc/dumpdates
 	${INSTALL} -c -o nobody -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/db/locate.database
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \
+	    ${DESTDIR}/var/log/authentication.log
 	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/log/lpd-errs
 	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 640 /dev/null \

etc/newsyslog.conf

@@ -10,6 +10,7 @@
 # logfilename          [owner:group]    mode count size when [ZJB] [/pid_file] [sig_num]
 /var/log/cron				600  3	   100	*     Z
 /var/log/amd.log			644  7	   100	*     Z
+/var/log/authentication.log		600  7     100  *     Z
 /var/log/kerberos.log			600  7	   100	*     Z
 /var/log/lpd-errs			644  7	   100	*     Z
 /var/log/maillog			640  7	   *	@T00  Z

etc/syslog.conf

@@ -7,7 +7,8 @@
 #	Consult the syslog.conf(5) manpage.
 *.err;kern.debug;auth.notice;mail.crit		/dev/console
 *.notice;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages
-security.*;auth.info				/var/log/security
+security.*					/var/log/security
+auth.info;authpriv.info				/var/log/authentication.log
 mail.info					/var/log/maillog
 lpr.info					/var/log/lpd-errs
 cron.*						/var/log/cron