Subject: Re: encrypted cookies in identd
To: Alan Barrett <apb@cequrux.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-userlevel
Date: 02/04/2004 11:18:07
On Wed, Feb 04, 2004 at 10:18:58AM +0200, Alan Barrett wrote:
> On Wed, 04 Feb 2004, Alan Barrett wrote:
> > It seems that src/libexec/identd was recently changed from pidentd to a
> > new implementation that does not support encrypted cookies.
> > 
> > Can we expect encrypted cookie support to be added soon?
> 
> I have just realised that the new identd's "-r" (random) option can be
> used to achieve what I want.  The random string can be treated as an
> opaque cookie, and I can grep for it in the syslog to find the actual
> username later, if that ever proves desirable.  (I might want to add

If you _happen_ to have the log around.  I've decrypted identd cookies
months later, when I certainly didn't have the full syslog to play
with.  I still think this is a significant feature regression.

Thor