Re: identd needed ?
From: lynx (noone@nowhere.antispam.net) Date: 02/26/02
From: lynx <noone@nowhere.antispam.net> Date: Mon, 25 Feb 2002 18:23:30 -0500
"Cameron L. Spitzer" <spambait@petra.dyndns.org>, in
<slrna7la3u.e0v.spambait@pk.greens.org>:
> Why does he care? Is he trying to catch one of my users sending his own
> mail outside of Qmail? Are there real threats that ident helps control?

in this day and age, not really. if your machine is a multiuser box, and
you want an audit trail in case one of your users crosses some line, then
identd *could* be used to send an encrypted or hashed non-clear-text
cookie encoding username and connection information for the remote end to
store, and the remote end's admin could ask you to look into it if
somebody on your side misbehaves - but sending that info cleartext would
only require you to trust the remote admin as well as your users and
everybody's software, which is bad enough and which you'll have to do
anyway.

given the mass of non-unix OSes out there that don't know what identd is
and won't answer a query, trying to get an ident response out of a remote
end is mostly a waste of bandwidth and processing power. given the number
of personal linux and *BSD boxes where the single user/admin creates
their own user accounts with arbitrary information that can be changed at
will, any information thusly retrieved is of dubious value at best. and
given that most anybody who knows what identd is these days will also
know of the several fake-identd implementations, for any and all
platforms, which will return just whatever you tell them to in all cases,
trying to contact an identd in this day and age is pissing in the wind,
pure and simple.

> Is this an obsolete tradition, or do people still use it?

as i recall it was never all that very useful in the first place, but
nowadays, it's no sensible use at all.

> Will anybody reject my users' mail if I don't run a process with an
> open port just to tell them "qmailr" ?

if anybody does, that somebody is quite likely - in my arrogant opinion -
to not be worth the trouble of emailing anyways.

- lynx, who could name a few IRC networks that need to get an effing
clue about this - suggesting "run a fake identd on your windoze
box" as a solution to "why can't i log on to your server" in the
webpage and FAQ does *not* help you, DALnet!
--
PGP/GnuPG key (ID 1024D/07A530D6) available from keyservers everywhere
Key fingerprint = B5A8 62AD 8263 5415 7C3C 9245 50A7 FD59 07A5 30D6
"...life goes on
long after the thrill of living is gone..."
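
The hashed cookie described in the post above, as an added example that is not part of the original message: an ident responder returns an HMAC over the username and connection details in an RFC 1413 `OTHER` reply, and the local admin later maps a reported token back to an audit-log record. The key, function names, addresses and log entries are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed secret for the example; known only to the local admin.
SITE_KEY = b"constructed-demo-key"

def parse_query(line):
    """Parse an RFC 1413 query '<port-on-server> , <port-on-client>'."""
    try:
        lport, rport = (int(p) for p in line.strip().split(","))
    except ValueError:
        return None
    if not (1 <= lport <= 65535 and 1 <= rport <= 65535):
        return None
    return lport, rport

def make_token(key, user, ts, laddr, lport, raddr, rport):
    """Opaque cookie: keyed hash over username and connection information."""
    msg = "|".join(map(str, (user, ts, laddr, lport, raddr, rport))).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]

def ident_reply(key, query, user, ts, laddr, raddr):
    """Build the reply line; OTHER marks the user-id field as an opaque string."""
    ports = parse_query(query)
    if ports is None:
        # Echoing '0 , 0' for an unparseable query is this example's choice.
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    lport, rport = ports
    token = make_token(key, user, ts, laddr, lport, raddr, rport)
    return f"{lport} , {rport} : USERID : OTHER : {token}\r\n"

def resolve(key, token, audit_log):
    """Local admin side: find the logged connection a reported token belongs to."""
    for rec in audit_log:
        if hmac.compare_digest(make_token(key, *rec), token):
            return rec
    return None

# Constructed audit log: (user, unix time, local addr, local port, remote addr, remote port)
AUDIT_LOG = [
    ("alice", 1014679410, "192.0.2.10", 40123, "198.51.100.25", 25),
    ("bob", 1014679411, "192.0.2.10", 40124, "198.51.100.25", 25),
]

def demo():
    reply = ident_reply(SITE_KEY, "40124 , 25", "bob", 1014679411,
                        "192.0.2.10", "198.51.100.25")
    token = reply.strip().rsplit(" : ", 1)[1]
    return reply, resolve(SITE_KEY, token, AUDIT_LOG)

if __name__ == "__main__":
    print(demo())
```

The remote end stores only the token, so it learns no username; the token is useful only to whoever holds the key and the local log.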