From owner-freebsd-hackers Sat Jul 10 23:31:20 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from janus.syracuse.net (janus.syracuse.net [205.232.47.15])
	by hub.freebsd.org (Postfix) with ESMTP id 72A3514C82
	for ; Sat, 10 Jul 1999 23:31:18 -0700 (PDT)
	(envelope-from green@FreeBSD.org)
Received: from localhost (green@localhost)
	by janus.syracuse.net (8.9.2/8.8.7) with ESMTP id CAA14598;
	Sun, 11 Jul 1999 02:30:52 -0400 (EDT)
X-Authentication-Warning: janus.syracuse.net: green owned process doing -bs
Date: Sun, 11 Jul 1999 02:30:51 -0400 (EDT)
From: "Brian F. Feldman"
X-Sender: green@janus.syracuse.net
To: Kevin Day
Cc: Mark Murray , hackers@FreeBSD.org
Subject: Re: a BSD identd
In-Reply-To: <199907110549.AAA11611@celery.dragondata.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 11 Jul 1999, Kevin Day wrote:

> > > Is it worth it to write an identd for FreeBSD? With one sysctl added, it's
> > > trivial to implement. If an identd would be desired, then should I make a
> > > separate one, or rewrite the current inetd's internal identd shim? I
> > > don't see a reason for pidentd when we could have an identd built in by
> > > me fixing inetd up, and it would all take up less space.
> >
> > There is the question - what for? identd is of questionable use at best.
> >
> > The best use of identd I have seen is crypted cookies that would allow
> > an attackee to identify an attacker in a non-privacy-invasive manner.
> > In 3 years of running this at an ISP, I have never seen it used in anger.
> >
> > Under normal circumstances (${BIGNUM} Wintendo boxes running IRC
> > clients), the info given is completely useless.
> >
>
> Just to add a counter-point here, I run an ISP that offers shell accounts.
> We get idiot customers using IRC for all sorts of nasty things at times, and
> identd is the only method I have for knowing who did it when I get
> complaints.
>
> However, pidentd is rather buggy of late, and tends to freak out a lot. If
> we could have an 'official' identd, I'd like it. :)

Go ahead and try out mine then! You'll need the following patches from
http://www.FreeBSD.org/~green/ :
	socred.patch (not necessary for 4.0; some parts require manual attention
		in 3.X, as it won't patch perfectly; this is already applied
		in 4.0)
	getcred.patch
	inetd_ident.patch
Patch them in in order, making sure they apply correctly. Then make includes,
rebuild the kernel, rebuild modules, install kernel and modules, rebuild
inetd, edit inetd.conf to enable the built-in "auth" service, and reboot.
Let me know how it goes. I hope to make this standard as part of 4.0 :)

>
> Kevin
>

 Brian Fundakowski Feldman      _ __ ___ ____  ___ ___ ___
 green@FreeBSD.org                   _ __ ___ | _ ) __|   \
     FreeBSD: The Power to Serve!        _ __ | _ \._ \ |) |
       http://www.FreeBSD.org/              _ |___/___/___/
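For readers unfamiliar with what an identd answers, here is a strict parser and reply formatter for the ident query line (RFC 1413), added as an illustration; it is not code from inetd_ident.patch or any other patch named in the message. The function names are hypothetical, and the kernel owner lookup (the job of the sysctl discussed above) is assumed to happen elsewhere, with its result passed in as `user`.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse one decimal port (1..65535) at *p, skipping blanks on both sides. */
static int parse_port(const char **p, unsigned *out)
{
    char *end;
    unsigned long v;
    while (**p == ' ' || **p == '\t')
        (*p)++;
    if (!isdigit((unsigned char)**p))
        return -1;              /* rejects "", "-1", "+5" */
    errno = 0;
    v = strtoul(*p, &end, 10);
    if (errno != 0 || v < 1 || v > 65535)
        return -1;              /* rejects 0, 65536, overflowing digit runs */
    for (*p = end; **p == ' ' || **p == '\t'; (*p)++)
        ;
    *out = (unsigned)v;
    return 0;
}

/* Query is "<port-on-server> , <port-on-client>" ended by CR LF (or bare LF). */
int ident_parse_query(const char *line, unsigned *lport, unsigned *fport)
{
    const char *p = line;
    if (parse_port(&p, lport) != 0 || *p++ != ',' || parse_port(&p, fport) != 0)
        return -1;
    if (*p == '\r')
        p++;
    return (*p == '\n' && p[1] == '\0') ? 0 : -1;   /* no trailing bytes */
}

/* user == NULL means no owner was found. Returns bytes written, or -1 if
 * buf is too small or the name would break the one-line reply framing. */
int ident_format_reply(char *buf, size_t len, unsigned lport, unsigned fport,
                       const char *user)
{
    int n;
    if (user == NULL)
        n = snprintf(buf, len, "%u , %u : ERROR : NO-USER\r\n", lport, fport);
    else if (*user == '\0' || strpbrk(user, "\r\n") != NULL)
        return -1;              /* CR/LF in a name would forge a second reply */
    else
        n = snprintf(buf, len, "%u , %u : USERID : UNIX : %s\r\n",
                     lport, fport, user);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}
```
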