>From Marcus J Ranum:
>Unless you're talking to something someone just set up that
>claims cheerfully that any and all connections on that machine are
>owned by Rahul Desi. In other words, how do I know I am talking to
                ^^^^ Dhesi
>an identity server at all?

Either the machine owner is running a process listening to TCP port
113, or he allowed somebody other than root to bind to port 113. In
either case, the machine owner is the one directly or indirectly
accountable for the information returned, not some random user.

The information returned by the identity server is the information
that the machine owner wants you to have. This information now
tells you one of two things (and I will repeat myself):

-- either the connection end-point was under control of the username returned
-- or the connection end-point was under control of somebody with
root access (or equivalent) to the machine

This is MUCH more useful information than the original BSD triple gave
us, which simply told us:

-- the connection was owned by somebody, nobody knows who

Having an identity server's output available allows us to hold a
specific userid, or the machine owner, accountable for the TCP/IP
connection.
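
An added example, not part of the original message: a receiving host could turn an identity server's reply into the accountability statement argued above, assuming the server on port 113 uses the RFC 1413 reply syntax. The function names and the sample replies in the usage are constructed for illustration.

```python
import re

# RFC 1413 reply lines (assumed syntax; whitespace around separators is optional):
#   <server-port> , <client-port> : USERID : <opsys>[,<charset>] : <user-id>
#   <server-port> , <client-port> : ERROR  : <error-type>
_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")


def parse_ident_reply(line, server_port, client_port):
    """Parse one reply line; the two ports are the pair we queried about."""
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m:
        return {"status": "malformed"}
    # A reply about a different port pair says nothing about our connection.
    if (int(m.group(1)), int(m.group(2))) != (server_port, client_port):
        return {"status": "port-mismatch"}
    if m.group(3) == "ERROR":
        return {"status": "error", "error": m.group(4).strip()}
    opsys, sep, user = m.group(4).partition(":")
    if not sep or not user:
        return {"status": "malformed"}
    # RFC 1413 treats everything after the last colon, spaces included,
    # as the user-id, so it is kept verbatim.
    return {"status": "userid", "opsys": opsys.split(",")[0].strip(), "user": user}


def accountable_parties(result):
    """Who the reply lets us hold accountable, following the post's argument."""
    if result["status"] == "userid":
        # Either the named user controlled the end-point, or somebody with
        # root (or equivalent) on that machine did: the machine owner answers.
        return [result["user"], "machine owner"]
    # No usable username: we know no more than the BSD triple told us.
    return []


if __name__ == "__main__":
    # Constructed sample replies for a connection from remote port 6193 to our port 23.
    for reply in ("6193,23:USERID:UNIX:rdhesi\r\n", "6193 , 23 : ERROR : NO-USER\r\n"):
        parsed = parse_ident_reply(reply, 6193, 23)
        print(parsed, "->", accountable_parties(parsed))
```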