Date: Mon, 4 Feb 2002 14:34:59 -0800 (PST) From: Mike Hoskins <mike@adept.org> To: Martin McCormick <martin@dc.cis.okstate.edu> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Port 113 Traffic Message-ID: <20020204142741.A53154-100000@snafu.adept.org> In-Reply-To: <200202041914.g14JEiM74583@dc.cis.okstate.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 4 Feb 2002, Martin McCormick wrote: > auth, all right. A man on auth yielded the auth_getval function > in C and not much else so I knew it was some kind of > authorization engine and that's where my trail ran a bit cold. 'Auth' as used here provides the ident service, formerly provided by things like pidentd, and now served from FreeBSD's inetd as the 'auth' service. From /etc/inetd.conf, # Provide internally a real "ident" service which provides ~/.fakeid support, # provides ~/.noident support, reports UNKNOWN as the operating system type # and times out after 30 seconds. #auth stream tcp nowait root internal auth -r -f -n -o \ UNKNOWN -t 30 Ident provides a historically trivially-bypassable (say that three times fast) means of identifying a remote user. As pointed out here, many services attempt ident queries. Some (IRC) may fail to connect at all if ident is unavailable, others (mail) often continue on after the ident request times out... so be sure to configure your firewall per previous instructions in this thread. Later, -Mike -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." --Benjamin Franklin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020204142741.A53154-100000>