Subject: Re: identd with NAT and IPv6 support.
To: Henry B. Hotz <hotz@jpl.nasa.gov>
From: Greg A. Woods <woods@weird.com>
List: netbsd-users
Date: 04/02/2002 16:47:23
[ On Tuesday, April 2, 2002 at 12:08:15 (-0800), Henry B. Hotz wrote: ]
> Subject: Re: identd with NAT and IPv6 support.
>
> One of the easy ways to configure PostgreSQL is to use identd to 
> identify the user when the request comes from the same machine as the 
> server is running on.  All the other ways of authenticating a user 
> connection are a real pain in comparison.  This is a standard 
> application, compiled as provided.

Yes indeed!

Unfortunately PostgreSQL cannot (yet) deal with more arbitrary IDENT
reply formatting and encryption using a shared secret....

> I've always considered that if I couldn't trust the machine I was 
> running on then I was pretty much hosed anyway.  CFS doesn't prevent 
> root from seeing your data files, nor Kerberos prevent root from 
> impersonating you.

Be careful how you deploy this particular application of IDENT though.
It's not just the systems you have to trust, but the network as well....

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
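An added example, not part of the original message: a small audit that applies the caution above to a PostgreSQL `pg_hba.conf`, flagging any `ident` rule whose client address is not provably loopback. It assumes the current `pg_hba.conf` column layout (which differs from the 2002-era one), and the function names and sample rules are constructed for illustration.

```python
import ipaddress
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl"}  # record types that use TCP/IP

def _network_and_method(fields):
    """Return (network or None, auth method) for one host-type record."""
    addr = fields[3]
    try:
        if "/" in addr:                        # CIDR form: ADDRESS METHOD
            return ipaddress.ip_network(addr, strict=False), fields[4]
        ipaddress.ip_address(addr)             # raises if hostname or keyword
        if len(fields) >= 6:                   # ADDRESS MASK METHOD form
            net = ipaddress.ip_network(f"{addr}/{fields[4]}", strict=False)
            return net, fields[5]
    except ValueError:
        pass
    # Hostname, keyword (all, samehost, samenet) or unparsable mask:
    # not provably loopback, so the caller treats it as network-exposed.
    return None, fields[4]

def audit_ident(hba_text):
    """List (line number, address) for ident rules reachable off-host.

    Simplification (assumption): include directives and line
    continuations are not handled.
    """
    findings = []
    for lineno, line in enumerate(hba_text.splitlines(), 1):
        fields = shlex.split(line, comments=True)   # drops '#' comments
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue                                # blank, comment or 'local'
        net, method = _network_and_method(fields)
        if method == "ident" and (net is None or not net.is_loopback):
            findings.append((lineno, fields[3]))
    return findings

# Constructed sample configuration (documentation address ranges).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   ident
host    all       all   ::1/128        ident
host    all       all   127.0.0.1 255.255.255.255 ident
host    app       all   192.0.2.0/24   ident
host    app       all   db-clients.example.net ident
host    app       all   198.51.100.0/24 scram-sha-256
"""

if __name__ == "__main__":
    for lineno, addr in audit_ident(SAMPLE_HBA):
        print(f"line {lineno}: ident trusted for non-loopback client {addr}")
```

The check is deliberately conservative: hostnames and keywords such as `samehost` are flagged because the script cannot prove they resolve only to the local machine.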