Date: Sun, 11 Jul 1999 02:30:51 -0400 (EDT) From: "Brian F. Feldman" <green@FreeBSD.org> To: Kevin Day <toasty@dragondata.com> Cc: Mark Murray <mark@grondar.za>, hackers@FreeBSD.org Subject: Re: a BSD identd Message-ID: <Pine.BSF.4.10.9907110226290.13403-100000@janus.syracuse.net> In-Reply-To: <199907110549.AAA11611@celery.dragondata.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 11 Jul 1999, Kevin Day wrote:
> > > Is it worth it to write an identd for FreeBSD? With one sysctl added, it's
> > > trivial to implement. If an identd would be desired, then should I make a
> > > separate one, or rewrite the current inetd's internal identd shim? I
> > > don't see a reason for pidentd when we could have an identd built in by
> > > me fixing inetd up, and it would all take up less space.
> >
> > There is the question - what for? identd is of questionable use at best.
> >
> > The best use of identd I have seen is crypted cookies that would allow
> > an attackee to identify an attacker in a non-privacy-invasive manner.
> > In 3 years of running this at an ISP, I have never seen it used in anger.
> >
> > Under normal circumstances (${BIGNUM} Wintendo boxes running IRC
> > clients), the info given is completely useless.
> >
>
> Just to add a counter-point here, I run an ISP that offers shell accounts.
> We get idiot customers using IRC for all sorts of nasty things at times, and
> identd is the only method I have for knowing who did it when I get
> complaints.
>
> However, pidentd is rather buggy of late, and tends to freak out a lot. If
> we could have an 'official' identd, I'd like it. :)
Go ahead and try out mine then! You'll need the following patches from
http://www.FreeBSD.org/~green/ :
socred.patch (not necessary for 4.0; some parts require manual attention in 3.X, as it won't patch perfectly; this is already applied in 4.0)
getcred.patch
inetd_ident.patch
Patch them in in order, making sure they apply correctly. Then make includes,
rebuild the kernel, rebuild modules, install kernel and modules, rebuild
inetd, edit inetd.conf to enable the built-in "auth" service, and
reboot. Let me know how it goes. I hope to make this standard as part of 4.0 :)
>
> Kevin
>
Brian Fundakowski Feldman _ __ ___ ____ ___ ___ ___
green@FreeBSD.org _ __ ___ | _ ) __| \
FreeBSD: The Power to Serve! _ __ | _ \._ \ |) |
http://www.FreeBSD.org/ _ |___/___/___/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9907110226290.13403-100000>