From: torstenb@ramsey.saar.de (Torsten Blum)
Subject: Re: cvs commit: ports/security/libident - Imported sources
To: peter@jhome.dialix.com (Peter Wemm)
Date: Fri, 13 Oct 1995 16:02:32 +0100 (MET)
Cc: pst@shockwave.com, phk@critter.tfs.com, asami@freefall.freebsd.org, CVS-commiters@freefall.freebsd.org, cvs-ports@freefall.freebsd.org
Reply-To: torstenb@FreeBSD.org
In-Reply-To: from "Peter Wemm" at Oct 13, 95 08:26:49 am
Sender: owner-cvs-ports@FreeBSD.org

(I'm back ;)

Peter Wemm wrote:
> On Thu, 12 Oct 1995, Paul Traina wrote:
> > From: Poul-Henning Kamp
> > Subject: Re: cvs commit: ports/security/libident - Imported sources
> > > IDENT is ***NOT*** a security protocol. Please remove it from security,
> > > it is an ACCOUNTING protocol at best, and utter horse-shit at worst.
> > >
> >
> > But even a shitty authentication tool is a security tool...
> >
> > excuse me, let me whisper :-) :-) :-)
> >
> > it's not an authentication tool, I said accounting.
> > it is not intended for authentication or security.
> > it should not be in this section of the repository
> > it should not even be in the repository (imho) because
> > people make mistakes like this.
>
> While I can appreciate that there are strong sentiments in this area,
> ident *can* be used very successfully as an authentication and/or security
> tool. We are quite well aware of its design limitations, but it's
> better than nothing for us! We use it on clusters of machines spread
> around the country that are maintained and operated by a single group of
> people. There's no politics, so there's no forging or framing etc etc.
> We trust our own machines, and therefore have no problem with using ident
> between them.

identd has its limitations (rfc 1413, section 6 "Security Considerations")
but it can be useful if you know what you are doing.
with an identd query in sendmail one can prevent forged mails from joe
average user (I know it's still possible - but it's better than nothing)
for example.

> I would have preferred libident and pidentd to go into the same
> repository area though. If it would keep the peace, I'd suggest moving
> libident into "net" (since we don't have "accounting"). I don't think
> anybody could argue that it wasn't networking related.. :-)

there are too many ports in ports/net - one reason we moved pidentd to
security.
libident and pidentd belong to ports/security - maybe we should add a big
warning about its limitations...

-tb
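
Added example, not part of the original mail and not libident or pidentd code: a Python sketch of the usage the thread argues over, where an RFC 1413 reply is parsed but its user name is believed only when the answering host is one the same people administer. TRUSTED_NETS, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: hosts run by the same admins; only their identd answers are believed.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # constructed example range

def parse_ident_reply(line):
    """Parse one RFC 1413 reply line; raise ValueError if it is malformed."""
    if len(line) > 1000:
        raise ValueError("reply too long")
    parts = line.rstrip("\r\n").split(":", 3)
    if len(parts) < 3:
        raise ValueError("too few fields")
    server_port, client_port = (int(p) for p in parts[0].split(","))
    if not (0 < server_port < 65536 and 0 < client_port < 65536):
        raise ValueError("port out of range")
    kind = parts[1].strip().upper()
    if kind == "ERROR":
        return {"ports": (server_port, client_port),
                "error": ":".join(parts[2:]).strip()}
    if kind != "USERID" or len(parts) != 4:
        raise ValueError("unknown reply type")
    # RFC 1413 treats the rest of the line as the user-id, colons included;
    # this example drops leading blanks so the name can be compared.
    return {"ports": (server_port, client_port), "opsys": parts[2].strip(),
            "user": parts[3].lstrip(" \t")}

def ident_user_for(peer_ip, queried_ports, reply_line):
    """Return the user name only when the answering host is one we administer."""
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in net for net in TRUSTED_NETS):
        return None  # the reply is whatever that host chose to say
    try:
        reply = parse_ident_reply(reply_line)
    except ValueError:
        return None
    if "error" in reply or reply["ports"] != tuple(queried_ports):
        return None  # no user, or an answer about a different connection
    return reply["user"] or None
```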