From owner-freebsd-hackers  Sun Jul 11 13:32:14 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from overcee.netplex.com.au (overcee.netplex.com.au [202.12.86.7])
	by hub.freebsd.org (Postfix) with ESMTP id 4248114CFB
	for <hackers@freebsd.org>; Sun, 11 Jul 1999 13:32:05 -0700 (PDT)
	(envelope-from peter@netplex.com.au)
Received: from netplex.com.au (localhost [127.0.0.1])
	by overcee.netplex.com.au (Postfix) with ESMTP
	id B320983; Mon, 12 Jul 1999 04:32:03 +0800 (WST)
	(envelope-from peter@netplex.com.au)
X-Mailer: exmh version 2.0.2 2/24/98
To: John Polstra <jdp@polstra.com>
Cc: Doug <Doug@gorean.org>, hackers@freebsd.org
Subject: Re: a BSD identd 
In-reply-to: Your message of "Sun, 11 Jul 1999 13:19:18 MST."
             <XFMail.990711131918.jdp@polstra.com> 
Date: Mon, 12 Jul 1999 04:32:03 +0800
From: Peter Wemm <peter@netplex.com.au>
Message-Id: <19990711203203.B320983@overcee.netplex.com.au>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

John Polstra wrote:
> Doug wrote:
> > John Polstra wrote:
> >> 
> >> Are you sure?  If you simply don't run an identd, the queries will
> >> get an instant connection refused error.  That's even faster than
> >> sending back a bogus response.
> >
> >       Many daemons that request ident, and almost all IRC daemons
> > that I'm aware of don't take "NO" for an answer. They sit waiting
> > for a valid response, and timeout after X seconds, where X is c. 30
> > seconds.
> 
> Really??  Even though their connect() call failed?  Ick!  I know
> sendmail doesn't behave that way.  I'll take your word about the IRC
> daemons -- I don't know anything about them.

No, they connect().  If it times out (eg: packet filter), it kicks you out.
If it gets through and the ident server doesn't respond within the 30
second timeout, it drops you again.  If it connects and gets a 'Warm-Fuzzy'
or an error of some sort, it drops you.  If it gets a non-UNIX username
response, it kicks you out.  Basically, to use a well connected irc server,
you *must* run an identd that returns a valid username response, and that
username is used in your conversations.  Some servers will let you on
without a fully functional identd, but in my experience they seem to be the
most unreliable as they are the most abused.

ISP's run identd on their shell servers.  That's so that when their servers
get banned from IRC, they can find out which of their shell users from their
shell users to have taken out and shot.

Cheers,
-Peter



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message