[fw-wiz] identd, revisited



I remember when i asked if it is useful to make fwtk proxies capable of
ident lookups - about 7 years ago i think ;-) i've heared people screaming
"no, no, identd is insecure and bad, don't use it!"

But what's really wrong with identd? It seems to be a good way to distinguish
users on multiuser hosts. Well, doing that via kerberos or ssl certificates
may be better, but both require some protocol intervention. So if you
do trust host users separation (and if it is compromised at root level no
method is good enough anyways), ident info can be used as well. And it is
up to you what to do with it.

Is ident still being used by anyone besides irc and smtp?

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: identd needed ?
    ... Are there real threats that ident helps control? ... in this day and age, ... cookie encoding username and connection information for the remote end to ... given the mass of non-unix OSes out there that don't know what identd is ...
    (comp.os.linux.security)
  • Re: identd needed ?
    ... Are there real threats that ident helps control? ... in this day and age, ... cookie encoding username and connection information for the remote end to ... given the mass of non-unix OSes out there that don't know what identd is ...
    (comp.os.linux.security)
  • Re: [fw-wiz] identd, revisited
    ... ident lookups - about 7 years ago i think;-) i've heared people screaming ... "What's wrong with it" is that the idea behind identd is so ... there still was hope that public key certificates would ... I used to wake up screaming, some nights, because I had this ...
    (Firewall-Wizards)
  • Re: identd server
    ... >> can indeed trust the ident information. ... the systems are usually self-owned and identd ... I already said that ident is only relevant for a multiuser system, ... And you can only trust the network part of the IP if the ...
    (comp.os.linux.security)
  • Re: Clever firewall rules
    ... Subject: Clever firewall rules ... then some systems will pause on identd lookups. ... > There are legitimate reasons for using ident. ... But due to it's common use untill ...
    (Focus-Linux)