> 
>> For a less extreme example (which may therefore be more or less convincing),
>> suppose I take my NetBSD system, boot it to single user mode, add user id's
>> constructed as "user000" through "user999", and then write a tedious shell
>> script using sudo or some similar program to run finger as each uid.

>Okay, this is possibly, but why would someone do this?  I suppose if your
>intent was to deceive the remote system, you can almost always do this no
>matter what they try to use for authenticatoin.  
>

true, what if you

	finger @destination@other_host

the point it to get most of the cases, not all of them!


Also what if the remote host has a bogus identd or has a
.noident file?

		-Pete

------------------------------------------------------------------------------