From owner-cvs-ports  Thu Oct 12 17:30:44 1995
Return-Path: owner-cvs-ports
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id RAA06337
          for cvs-ports-outgoing; Thu, 12 Oct 1995 17:30:44 -0700
Received: from jhome.DIALix.COM (jhome.DIALix.COM [192.203.228.69])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id RAA06271
          ; Thu, 12 Oct 1995 17:29:50 -0700
Received: (from peter@localhost) by jhome.DIALix.COM (8.6.12/8.6.9) id IAA01812; Fri, 13 Oct 1995 08:26:50 +0800
Date: Fri, 13 Oct 1995 08:26:49 +0800 (WST)
From: Peter Wemm <peter@jhome.DIALix.COM>
To: Paul Traina <pst@shockwave.com>
cc: Poul-Henning Kamp <phk@critter.tfs.com>,
        Satoshi Asami <asami@freefall.freebsd.org>,
        CVS-commiters@freefall.freebsd.org, cvs-ports@freefall.freebsd.org
Subject: Re: cvs commit: ports/security/libident - Imported sources 
In-Reply-To: <199510121743.KAA08710@precipice.shockwave.com>
Message-ID: <Pine.BSF.3.91.951013080920.539B-100000@jhome.DIALix.COM>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-ports@FreeBSD.org
Precedence: bulk

On Thu, 12 Oct 1995, Paul Traina wrote:
>   From: Poul-Henning Kamp <phk@critter.tfs.com>
>   Subject: Re: cvs commit: ports/security/libident - Imported sources 
>   > IDENT is ***NOT*** a security protocol.  Please remove it from security,
>   > it is an ACCOUNTING protocol at best, and utter horse-shit at worse.
>   > 
>   
>   But even a shitty authentication tool is a security tool...
> 
> excuse me, let me whisper :-) :-) :-)
> 
> it's not an authentication tool, I said accounting.
> it is not inteded for authentication or security.
> it should not be in this section of the repository
> it should not even be in the repository (imho) because
> people make mistakes like this.

While I can appreciate that there are strong sentiments in this area,
ident *can* be used very successfully as an authentication and/or security
tool.  We are quite well aware of it's design limitiations, but it's
better than nothing for us!  We use it on clusters of machines spread
around the country that are maintained and operated by a single group of
people.  There's no politics, so there's no forging or framing etc etc. 
We trust our own machines, and therefore have no problem with using ident
between them.

I would have preferred libident and pidentd to go into the same 
repository area though.  If it would keep the peace, I'd suggest moving 
libident into "net" (since we dont have "accounting").  I dont think 
anybody could argue that it wasn't networking related.. :-)

Cheers,
-Peter