Subject: Re: tcp-wrappers, tcpd, and NetBSD
To: None <current-users@NetBSD.ORG>
From: Laine Stump <laine@MorningStar.Com>
List: current-users
Date: 04/21/1997 02:21:30
On Sun, 20 Apr 1997 22:52:35 GMT, (Peter Seebach) wrote:

>All I've seen identd do so far is cause bogus servers to insist that
>machines which are not UNIX (tm) are not allowed to use them, even
>when those machines are perfectly capable of giving out useful data
>about who's who...

>Not very useful, IMHO, a protocol which (in practice) demands either lies
>or expensive proprietary software.

Huh? I don't follow this logic at all.

Just because a few broken ident *clients* apparently (I haven't seen
them myself) insist that the other end have identd running, doesn't mean
that the ident protocol is worthless. Also, it has nothing to do with
either expensive or proprietary software (come on! We *are* on a NetBSD
mailing list here. How much less expensive and less proprietary do you
want it?)

The fact remains that, if a server for some service (eg, smtp) checks
for existence of identd on the system that is contacting it, and records
the information given by the server *if it exists*, it can later be sent
to the administrator of the system running identd to help find who made
that connection. Of course the information is no good to the person who
queries identd - they have no way of verifying it's correct. But if the
sysadmin of the machine running identd knows that his system hasn't been
compromised, he may be able (if he desires) to use the information sent
out by his identd (and collected by the remote system) to figure out
whose hand to slap.

Last time I looked (in v8.8.5), sendmail could gather info from identd,
but worked just fine when systems without identd connect to it. And
NetBSD (and most other free *nixes) included an identd. So who is having
to lie, and who is having to use "expensive proprietary software"?