Subject: Re: encrypted cookies in identd
To: None <current-users@netbsd.org>
From: Christos Zoulas <christos@zoulas.com>
List: current-users
Date: 02/04/2004 17:30:01
In article <20040204161806.GA9355@panix.com>,
Thor Lancelot Simon <tls@rek.tjls.com> wrote:
>On Wed, Feb 04, 2004 at 10:18:58AM +0200, Alan Barrett wrote:
>> On Wed, 04 Feb 2004, Alan Barrett wrote:
>> > It seems that src/libexec/identd was recently changed from pidentd to a
>> > new implementation that does not support encrypted cookies.
>> > 
>> > Can we expect encrypted cookie support to be added soon?
>> 
>> I have just realised that the new identd's "-r" (random) option can be
>> used to achieve what I want.  The random string can be treated as an
>> opaque cookie, and I can grep for it in the syslog to find the actual
>> username later, if that ever proves desirable.  (I might want to add
>
>If you _happen_ to have the log around.  I've decrypted identd cookies
>months later, when I certainly didn't have the full syslog to play
>with.  I still think this is a significant feature regression.

How? From what I can tell pidentd was never compiled with -C support in?

christos