From owner-cvs-ports Tue Nov 5 10:23:57 1996 Return-Path: owner-cvs-ports Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA14762 for cvs-ports-outgoing; Tue, 5 Nov 1996 10:23:57 -0800 (PST) Received: (from peter@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA14739; Tue, 5 Nov 1996 10:23:46 -0800 (PST) Date: Tue, 5 Nov 1996 10:23:46 -0800 (PST) From: Peter Wemm Message-Id: <199611051823.KAA14739@freefall.freebsd.org> To: CVS-committers, cvs-all, cvs-ports Subject: cvs commit: ports/security/pidentd Makefile ports/security/pidentd/patches patch-af patch-ag Sender: owner-cvs-ports@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk peter 96/11/05 10:23:45 Modified: security/pidentd Makefile Added: security/pidentd/patches patch-af patch-ag Log: Add a compile option so that identd will send encrypted cookies out rather than usernames. This makes it much more difficult for somebody to "frame" one of your users. ie: instead of people getting: connect from peter@spinner.DIALix.COM in their syslogs, they will get this instead: connect from [W+rNvCy5FuPV4xEj8thdXIlfD9qNIbzB]@spinner.DIALix.COM The remote site will have to send it to you to decode it. When you are given one of these cookies, you can know for sure it is not faked, and you don't have to trust the word of the remote sysadmin when arranging your local lame hacker-type user to meet with an unfortunate incident :-). This feature is documented in the man pages. Also, fix an apparent bug in the code that deals with this, but it might be a feature of the version of libdes we have on FreeBSD. Requested by: markm (a fair while ago) Revision Changes Path 1.17 +12 -1 ports/security/pidentd/Makefile