gabriel rosenkoetter on Wed, 19 Jun 2002 22:20:35 +0200
On Wed, Jun 19, 2002 at 03:55:22PM -0400, Bill Jonas wrote:
> On Tue, Jun 18, 2002 at 12:38:42PM -0400, gabriel rosenkoetter wrote:
> > NOTE: You should not rely on the data integrity the identd protocol
[...]

While I totally agree with that, I didn't write it. (It's from the description of nidentd in NetBSD's pkgsrc.)

> would have taken, and wound up using nullidentd instead. The
> description of the Debian package reads, "nullidentd is a small, fast
> and secure identd daemon. It returns a static string for every query."
> Not exactly super-spiffy user identification.

Well, the protocol (which is probably in an IETF RFC somewhere, but I'm in no mood to go find it) only dictates that compliant implementations will provide a token that's unique for the duration of the queried communication. The point is for remote sysadmins to have something for the local sysadmins to go through their logs and track. The uid responsible for the connection is the easiest answer to that question, but it's not the most privacy-preserving nor the only one.

In any case, identd is sort of solving a problem that doesn't exist (there are already plenty of unique tokens--like say pids related to things that wrote to syslog--to track this kind of thing down).

In any case, everybody and their brother has written an identd. My favorite ones pick a word at random from /usr/dict/words, log what they've picked for a given connection, then return that to the requester.

> Hmm... I'm tempted to set up nullidentd to return a username of
> 'DontYouKnowIdentProvidesNoMeaningfulInformation' or somesuch. ;)

Heh.

--
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpqno0hZk89i.pgp
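The token-returning identd described in the message above, sketched as an added example that is not part of the original post or any of the packages it names. The class name, the embedded word list (a constructed stand-in for /usr/dict/words), the random suffix and the `owner_uid` argument are assumptions; the reply layout follows RFC 1413.

```python
import re
import secrets

# Constructed stand-in for /usr/dict/words so the example runs offline.
WORDS = ["anchor", "birch", "cobalt", "dune", "ember", "fjord", "garnet", "heron"]

# An ident query is "<local-port> , <remote-port>" on one line.
QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


class TokenIdent:
    """Answers ident queries with a logged random token instead of a username."""

    def __init__(self, words=WORDS):
        self.words = words
        self.tokens = {}     # (local_port, remote_port, peer_ip) -> token
        self.audit_log = []  # what the local admin searches when a report arrives

    def answer(self, line, peer_ip, owner_uid):
        """Return the reply line for one query.

        owner_uid is the uid owning the connection, or None if there is no
        such connection; the OS-specific lookup is outside this example.
        """
        m = QUERY_RE.match(line)
        if not m:
            return "0 , 0 : ERROR : INVALID-PORT\r\n"
        lport, rport = int(m.group(1)), int(m.group(2))
        if not (1 <= lport <= 65535 and 1 <= rport <= 65535):
            return f"{lport} , {rport} : ERROR : INVALID-PORT\r\n"
        if owner_uid is None:
            return f"{lport} , {rport} : ERROR : NO-USER\r\n"
        key = (lport, rport, peer_ip)
        if key not in self.tokens:
            # Assumption: a random suffix keeps the word unique per connection.
            token = f"{secrets.choice(self.words)}-{secrets.token_hex(3)}"
            self.tokens[key] = token
            # The uid goes only into the local log, never into the reply.
            self.audit_log.append(f"ident token={token} uid={owner_uid} "
                                  f"lport={lport} rport={rport} peer={peer_ip}")
        # Repeated queries for the same connection get the same token.
        return f"{lport} , {rport} : USERID : OTHER : {self.tokens[key]}\r\n"
```
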