Subject: Re: CVS commit: src (identd -L)
To: Andrew Brown <email@example.com>
From: Jim Wise <firstname.lastname@example.org>
Date: 05/18/1999 14:50:39
On Tue, 18 May 1999, Andrew Brown wrote:

>>>ident stream tcp nowait nobody /bin/echo echo string ?

>>Will not reformat string based on the ports provided by the requesting
>>ident lookup, thus causing an invalid response. It's true -- a simple
>>script to read an ident request, and produce a reply with the correct
>>ports but a static user string would be pretty trivial to write, but it
>>seemed to me more intuitive to add it as a fast-path within identd...

>libwrap? and "twist"?

Works well in conjunction with identd (when identd is called from
inetd). But twist (or spawn ... :DENY) will only hand off to another
command, which will still need to construct a valid identd response
with the ports from the initial request, and a static user field.
identd -L is just such a command.

This also means that if for some bizarre reason you _did_ want to
provide true ident information to some hosts (and the other end was
naive enough to ask for it) you could use hosts.allow to choose whether
to call identd or identd -L.

The bigger issue here, of course, is that identd is simply a really bad
idea. In the vast majority of cases, you really shouldn't be querying
an identd anyway, and you _certainly_ shouldn't trust whatever it
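
The stand-alone responder discussed in the message above, as an added example (not part of the original message and not the identd -L source): it reads one ident request from stdin, as inetd would hand it over, and answers in RFC 1413 reply format with the request's own port pair and a static user string. The function names, the `OTHER` opsys field and the user string `nobody` are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse one decimal port (1..65535); RFC 1413 allows blanks around tokens. */
static int parse_port(const char **pp, long *out)
{
    const char *p = *pp;
    char *end;

    while (*p == ' ' || *p == '\t') p++;
    if (!isdigit((unsigned char)*p)) return -1;   /* no sign, no empty field */
    *out = strtol(p, &end, 10);
    if (*out < 1 || *out > 65535) return -1;      /* also catches overflow */
    while (*end == ' ' || *end == '\t') end++;
    *pp = end;
    return 0;
}

/*
 * Build the reply for request line `req` ("<server-port> , <client-port>"),
 * echoing the ports and reporting the static `user` (hypothetical helper;
 * the OTHER opsys field is an assumption). Returns 0 on success, -1 if the
 * request is malformed or the reply does not fit in `out`.
 */
int static_ident_reply(const char *req, const char *user, char *out, size_t outlen)
{
    long sport, cport;
    const char *p = req;
    int n;

    if (parse_port(&p, &sport) != 0 || *p++ != ',') return -1;
    if (parse_port(&p, &cport) != 0) return -1;
    if (*p == '\r') p++;
    if (*p != '\n' && *p != '\0') return -1;      /* trailing junk */
    n = snprintf(out, outlen, "%ld , %ld : USERID : OTHER : %s\r\n", sport, cport, user);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Run from inetd: stdin and stdout are the client's socket. */
int main(void)
{
    char req[1024], rep[1100];

    if (fgets(req, sizeof req, stdin) == NULL) return 1;
    if (static_ident_reply(req, "nobody", rep, sizeof rep) != 0) return 1;
    fputs(rep, stdout);
    return 0;
}
```

A malformed request gets no reply here and the connection simply closes.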