Subject: Re: identd...
To: BSD Current Users <current-users@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 12/12/2000 12:26:07
[ On Tuesday, December 12, 2000 at 01:16:55 (-0800), Erik E. Fair wrote: ]
> Subject: Re: identd...
>
> http://www.clock.org/~fair/opinion/identd.html
>
> comes complete with source code to an alternate identd daemon. Must
> faster, no privs required, and no kernel grovelling.
Now that NetBSD has crypto by default identd need no longer be pointless
or dangerous. In fact with support for sending an encrypted response
identd is again useful for its original intended purpose -- i.e. to
supply remote "client" systems with tokens that the originating
administrator can use in the future should there ever be a need to
identify the originating user. In this case the "token" is actually the
full data, but in encrypted form, and so the originating system need not
even maintain their logs -- just keep the original encryption key (and
of course keep it safe).
I've re-integrated the crypt module into identd and I would have
submitted a PR with it and the companion idecrypt utility by now, but
I'm still messing with how best to ensure that there's a proper <des.h>
as required by des_crypt(3). The temporary solution I've been testing
has been to add:
LINKS= ${DESTDIR}/${INCSDIR}/des.h ${DESTDIR}/usr/include/des.h
to src/lib/libcrypto/Makeflie.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>