On Tue, 31 Jan 1995, Wes Morgan wrote:
> Well, there are packages out there that look for Ident info (and can
> delay processing while waiting for it). If memory serves, both the
> wuarchive ftpd and Allman's 8.6.x sendmail have this capability.
And TCPD on most systems. Now, you may not use PARANOID, but it still
tries to look up connections.
> I suppose that one could simply modify the identd code to return a
> bogus message. That would satisfy those packages which merely look
> for a response.
Hmmm.. You mean like "unknown"? Didn't I see a configuration option for
that in pidentd? Hmmmm.. :)
> The adventurous could modify the identd code to return real info to
> requests from within the domain, but a dummy answer to those from
> without. Best of both worlds, perhaps? I'm sure that folks wouldn't
> mind an -DFIREWALL option in the next release of pidentd.
I don't have the source handy at the moment, but I do remember
configuring pidentd to respond "unknown" to all lookups. I believe this
is what you are asking for.
>
> ps> If anyone is actually interested in this idea, current pidentd sources
> (well written and easy to understand, IMHO) are available via FTP
> from ftp.lysator.liu.se...
What really gets my goat is the fact most "secure" sites enable PARANOID
so that poor PC users (that don't run identd servers, mind you) have to
wait for an excruciating period of time. Is identd so reliable and
widespread as to REQUIRE its use for logging?
As to authentication with identd... You can't be serious.
( Remember, take this message with a grain of salt. I'm usually merely but a
lurker. If this topic is already dead... cat > /dev/null )
____________________________________________________________
\ Ian C. Blenke Phone: (813)662-9004/9404 /
\ Blenke Systems Consulting <ian @ blenke . com> /
/ University of South Florida <blenke @ eng . usf . edu> \
--- E-Mail scholar. Guru in Training. Internaut by night ---
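
The split policy discussed in the thread above (real ident answers for requests from inside the domain, a dummy answer for everyone else), sketched as an added example; it is not part of the original message and is not pidentd code. The function names, the 192.0.2.0/24 "inside" network, the UNKNOWN-ERROR choice for outside callers and the "0 , 0" echo for unparsable queries are assumptions of this sketch; reply syntax follows RFC 1413.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed "inside" network for this sketch (documentation range, not from the thread). */
#define INSIDE_NET  "192.0.2.0"
#define INSIDE_BITS 24

/* 1 if peer (dotted quad) falls inside INSIDE_NET/INSIDE_BITS, else 0. */
static int is_inside(const char *peer)
{
    struct in_addr a, n;
    if (inet_pton(AF_INET, peer, &a) != 1 || inet_pton(AF_INET, INSIDE_NET, &n) != 1)
        return 0;                      /* unparsable peer is treated as outside */
    uint32_t mask = htonl(0xFFFFFFFFu << (32 - INSIDE_BITS));
    return (a.s_addr & mask) == (n.s_addr & mask);
}

/* Build the RFC 1413 reply to one query line ("<server-port> , <client-port>").
 * owner is the account owning that connection, or NULL if none was found; the
 * kernel lookup itself is left to the caller. Returns the snprintf length. */
int ident_reply(const char *peer, const char *query, const char *owner,
                char *out, size_t outlen)
{
    unsigned sport, cport;
    char extra;
    int got = sscanf(query, " %u , %u %c", &sport, &cport, &extra);

    if (got != 2 || sport < 1 || sport > 65535 || cport < 1 || cport > 65535)
        return snprintf(out, outlen, "0 , 0 : ERROR : INVALID-PORT\r\n");
    /* Policy check comes before the owner is consulted, so outside callers get
     * the same answer whether or not the connection exists. */
    if (!is_inside(peer))
        return snprintf(out, outlen, "%u , %u : ERROR : UNKNOWN-ERROR\r\n", sport, cport);
    if (owner == NULL)
        return snprintf(out, outlen, "%u , %u : ERROR : NO-USER\r\n", sport, cport);
    return snprintf(out, outlen, "%u , %u : USERID : UNIX : %s\r\n", sport, cport, owner);
}

int main(void)
{
    char buf[128];
    ident_reply("192.0.2.7", "6191, 23\r\n", "alice", buf, sizeof buf);   /* constructed query */
    fputs(buf, stdout);
    ident_reply("203.0.113.9", "6191, 23\r\n", "alice", buf, sizeof buf);
    fputs(buf, stdout);
    return 0;
}
```

A server that only checks for the presence of a reply is satisfied by either branch, which is the point both posters make about ident's value for logging versus authentication.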