Xref: sserve comp.protocols.tcp-ip:36273 comp.unix.bsd.bsdi.misc:156
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!yarrina.connect.com.au!classic.iinet.com.au!news.uoknor.edu!news.ecn.uoknor.edu!paladin.american.edu!zombie.ncsc.mil!news.mathworks.com!gatech!newsxfer.itd.umich.edu!agate!dog.ee.lbl.gov!news.cs.utah.edu!news.provo.novell.com!park.uvsc.edu!usenet
From: Terry Lambert <terry@cs.weber.edu>
Newsgroups: comp.protocols.tcp-ip,comp.unix.bsd.bsdi.misc
Subject: Re: What uses identd
Date: 8 May 1995 17:38:09 GMT
Organization: Utah Valley State College, Orem, Utah
Lines: 34
Message-ID: <3olku1$ffp@park.uvsc.edu>
References: <3ohon1$i35@news.voicenet.com> <3ojm8b$5tg@park.uvsc.edu> <DJM.95May8110133@jeeves.va.pubnix.com>
NNTP-Posting-Host: hecate.artisoft.com

djm@va.pubnix.com (David J. MacKenzie) wrote:
] > ] I was wondering what utilities use the identd server, which returns the
] > ] remote user name using a tcp/ip port.
]
] > Major one is TCPWrappers to let you reject everyone but specific
] > users from a machine from connecting to specific services.
]
] httpd can also be configured to use it in log files.  But most systems
] have the ident service turned off, or configured to return a bogus
] answer.  Since it's not authenticated, it's pretty much worthless.

It's authenticated by virtue of needing you to use a reserved port
on the server to present the daemon.

That is, if I trust <machine> enough to put it in my allowed host
list, then I can trust it to not lie about <foo>@<machine> being
the owner of the socket rather than <fee>@<machine>.

I don't see how you could authenticate anyway -- public keys are
a vouchsafe system at best.  I have to trust <fee> that he wasn't
lying when he told me <foo> had public key <XXX>.

Other than having the NSA control the account creation and the
administration of all systems, I don't see how you are going to
get anything stronger without ensuring the machine is inside the
secure zone (on your side of your firewall)... and then you already
trust it, or it wouldn't have been placed in the secure zone
instead of outside it.


                                        Terry Lambert
                                        terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.
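
The trust rule argued in the post above, as an added example that is not part of the original message: an RFC 1413 (ident) reply is parsed, and the user name is relied on only when the answering host is already on the allowed-host list. The host names, sample replies and function names are constructed for illustration.

```python
# Added example: RFC 1413 reply parsing plus the host-trust rule from the post.
# TRUSTED_HOSTS, parse_ident_reply and ident_user are hypothetical names.

TRUSTED_HOSTS = {"hecate.example.org"}   # constructed allowed-host list


def parse_ident_reply(line):
    """Parse '<server-port> , <client-port> : USERID : <opsys> : <user-id>'
    or '<ports> : ERROR : <error-type>'. Returns a dict, or None if malformed."""
    parts = line.rstrip("\r\n").split(":", 3)   # user-id may itself contain ':'
    if len(parts) < 3:
        return None
    ports = [p.strip() for p in parts[0].split(",")]
    if len(ports) != 2 or not all(p.isascii() and p.isdigit() for p in ports):
        return None
    sport, cport = int(ports[0]), int(ports[1])
    if not (1 <= sport <= 65535 and 1 <= cport <= 65535):
        return None
    kind = parts[1].strip().upper()
    if kind == "ERROR" and len(parts) == 3:
        return {"ports": (sport, cport), "error": parts[2].strip()}
    if kind == "USERID" and len(parts) == 4:
        opsys = parts[2].split(",")[0].strip()   # drop optional ',charset'
        user = parts[3].strip()   # simplification: surrounding blanks dropped
        if opsys and user:
            return {"ports": (sport, cport), "opsys": opsys, "user": user}
    return None


def ident_user(peer_host, queried_ports, reply_line, trusted=TRUSTED_HOSTS):
    """Return 'user@host' only when the reply can be relied on at all."""
    if peer_host not in trusted:         # untrusted host: its identd can say anything
        return None
    reply = parse_ident_reply(reply_line)
    if reply is None or "error" in reply:
        return None
    if reply["ports"] != queried_ports:  # must answer for the connection we asked about
        return None
    if reply["opsys"].upper() == "OTHER":    # opaque token, not a login name
        return None
    return f"{reply['user']}@{peer_host}"
```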