Subject: Re: tcp-wrappers, tcpd, and NetBSD
To: Warner Losh <imp@village.org>
From: Bill Sommerfeld <sommerfeld@orchard.east-arlington.ma.us>
List: current-users
Date: 03/16/1997 09:46:43
> : If you have a multiuser system and you want to trace which users are
> : doing "interesting" things to the network, it would make far more
> : sense to arrange for networking activity to be auditable (e.g.,
> : logging the time, operation, and user).  
> 
> identd is useful to the operator of a machine iff 1) that operator
> absolutely 100% trusts those with root privs and 2) that machine has
> many users that might do bad things and the machine operator wants to
> be able to punish those users at a later date (or you want to make it
> harder to forge things from your site).

You forgot:

3) the network path between the ident-client and ident-server is
secure against active attacks (i.e., no single-user machines; no Unix
systems with known security holes, etc.)

BTW, there are also some privacy implications of ident which I really
don't like...  Consider that ad.doubleclick.net could use ident
queries to identify the origin of requests which came in without
cookies...

					- Bill
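
Added example, not part of the original message: a sketch of how a server that logs ident (RFC 1413) replies can treat them as the unauthenticated claims the thread describes, checking the port pair against the query and neutralising control characters before the value reaches a log. The function name, the returned field names and the sample reply lines are assumptions made for this illustration.

```python
import re

# RFC 1413 reply: "<server-port> , <client-port> : USERID : <opsys> : <user-id>"
#             or: "<server-port> , <client-port> : ERROR : <error-type>"
_REPLY = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$"
)
MAX_USER_LEN = 512  # RFC 1413 limits the user id to 512 octets


def parse_ident_reply(line, queried_ports):
    """Parse one ident reply for the (server_port, client_port) pair we queried.

    Returns a dict meant for an audit log. The user id is only a claim by
    whoever answered on port 113 of the remote host (its root, or anyone
    who can spoof traffic on the path), so every result has trusted=False.
    """
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m:
        return {"status": "malformed", "trusted": False}
    # A reply about a different connection must never be attributed to ours.
    if (int(m.group(1)), int(m.group(2))) != tuple(queried_ports):
        return {"status": "port-mismatch", "trusted": False}
    if m.group(3) == "ERROR":
        return {"status": "error", "error": m.group(4).strip(), "trusted": False}
    # USERID body is "<opsys>[,<charset>] : <user-id>"; split once because
    # the user id itself may contain ':'.
    opsys, sep, user = m.group(4).partition(":")
    if not sep:
        return {"status": "malformed", "trusted": False}
    # The remote side controls these bytes: cap the length and replace
    # non-printable characters so the value cannot forge or corrupt log lines.
    user = user.strip()[:MAX_USER_LEN]
    user = "".join(c if c.isprintable() else "?" for c in user)
    return {"status": "userid", "opsys": opsys.strip(), "user": user,
            "trusted": False}


if __name__ == "__main__":
    # Constructed sample replies for a query about ports (6193, 23).
    for sample in ("6193, 23 : USERID : UNIX : stjohns\r\n",
                   "6193, 23 : ERROR : NO-USER\r\n",
                   "6194, 23 : USERID : UNIX : root\r\n",
                   "6193, 23 : USERID : UNIX : bob\x1b[2Jroot\r\n"):
        print(parse_ident_reply(sample, (6193, 23)))
```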