Subject: Re: tcp-wrappers, tcpd, and NetBSD
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Bill Sommerfeld <sommerfeld@orchard.east-arlington.ma.us>
List: current-users
Date: 03/15/1997 23:27:28
> > The best one of these alternative identd servers I ever saw was a
> > small piece of C code that always identified the user as Dan
> > Bernstein.
Yup, it's running (among other places) on bloom-beacon.mit.edu ..
> I would think "Mike St. Johns" would be a more intelligent response...
Actually, Mike St. Johns publicly stated that ident was a bad idea a
number of years ago, when Dan Bernstein started a campaign to attempt
to push a revised version of ident along the standards track.
If you have a multiuser system and you want to trace which users are
doing "interesting" things to the network, it would make far more
sense to arrange for networking activity to be auditable (e.g.,
logging the time, operation, and user).
It would seem to be a very simple extension to the ipfilter suite to
allow control and logging of traffic based on a process's
credentials. Moreover, it would probably involve far less overhead
than ident, leave the choice of whether to disclose the identity of
the accused to the user's sysadmin, and have a much more dependable
"chain of evidence".
- Bill
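The "always Dan Bernstein" identd the thread refers to is easy to reconstruct, and doing so shows exactly why Bill's point about a "chain of evidence" holds: the querying host learns only what the queried host chooses to say. The following is an added example written for this page, not the C program running at bloom-beacon.mit.edu or any NetBSD code. It implements the RFC 1413 request and reply formats, a loopback responder that answers every query with the same constant user, and a client that performs the exchange. Assumptions: the constant user string is "djb", and the responder binds an ephemeral 127.0.0.1 port so it needs no privileges (a real identd listens on TCP 113).

```python
import socket
import threading

# Assumed constant identity handed to every querier (the "always Dan Bernstein" joke).
FAKE_USER = "djb"


def parse_ident_request(line):
    """Parse an RFC 1413 request "<port-on-server> , <port-on-client>".

    Returns (server_port, client_port), or None when the line is malformed
    or a port is outside 1..65535.
    """
    text = line.decode("ascii", "replace").strip()
    left, sep, right = text.partition(",")
    if not sep:
        return None
    try:
        sp, cp = int(left.strip()), int(right.strip())
    except ValueError:
        return None
    if not (1 <= sp <= 65535 and 1 <= cp <= 65535):
        return None
    return sp, cp


def build_ident_response(line, user=FAKE_USER):
    """Build the reply the fake responder sends for one request line.

    Well-formed requests always get "USERID : UNIX : <user>" regardless of
    which connection they ask about; garbage gets the RFC 1413 error reply.
    """
    ports = parse_ident_request(line)
    if ports is None:
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"
    sp, cp = ports
    return f"{sp} , {cp} : USERID : UNIX : {user}\r\n".encode("ascii")


def parse_ident_response(line):
    """Parse a reply into a dict, or None if it is not a valid RFC 1413 reply.

    The user-id field may itself contain ':' so the split is capped at 3.
    """
    parts = [p.strip() for p in line.decode("ascii", "replace").strip().split(":", 3)]
    if len(parts) < 3:
        return None
    kind = parts[1]
    if kind == "USERID" and len(parts) == 4:
        return {"ports": parts[0], "kind": kind, "opsys": parts[2], "user": parts[3]}
    if kind == "ERROR" and len(parts) == 3:
        return {"ports": parts[0], "kind": kind, "error": parts[2]}
    return None


class FakeIdentServer:
    """Loopback identd that answers every query with the same user.

    Bound to an ephemeral port (assumption for the demo); production identd
    uses TCP port 113.
    """

    def __init__(self, user=FAKE_USER):
        self.user = user
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:  # listening socket shut down
                return
            with conn:
                line = conn.makefile("rb").readline()
                if line:
                    conn.sendall(build_ident_response(line, self.user))

    def close(self):
        try:
            self.sock.shutdown(socket.SHUT_RDWR)
        except OSError:
            pass
        self.sock.close()


def query_ident(host, port, server_port, client_port, timeout=2.0):
    """Send one RFC 1413 query (client side of the exchange) and parse the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"{server_port} , {client_port}\r\n".encode("ascii"))
        reply = s.makefile("rb").readline()
    return parse_ident_response(reply)


def demo():
    """Ask the fake responder about two unrelated connections; both answers match."""
    srv = FakeIdentServer()
    try:
        a = query_ident("127.0.0.1", srv.port, 25, 40001)   # constructed port pair
        b = query_ident("127.0.0.1", srv.port, 80, 40002)   # constructed port pair
        return a["user"], b["user"]
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

The client code is the part a tcpd-style wrapper would run; nothing in it can distinguish this responder from an honest one, which is why a logged identity from ident is only as trustworthy as the remote administrator, whereas kernel-side audit records tied to process credentials stay under the local administrator's control.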