[1863] in linux-security and linux-alert archive
[linux-security] Re: Services not required?
daemon@ATHENA.MIT.EDU (Peter Svensson)
Sun Jun 14 05:36:04 1998
Date: Thu, 11 Jun 1998 21:23:27 +0200 (MET DST)
From: Peter Svensson <petersv@df.lth.se>
To: "Michael H. Warfield" <mhw@wittsend.com>
cc: linux-security@redhat.com
In-Reply-To: <199806091335.JAA05134@alcove.wittsend.com>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Tue, 9 Jun 1998, Michael H. Warfield wrote:
> > Ummm ... A lot of sites are set to interrogate your identd server when you
> > access them for (mail|ftp|telnet|etc). It makes a good first defense
> > against various 'badness'.
>
> Identd aka auth is spoofable / forgeable on a box you have control.
> For that reason, nobody generally "relies" on it, even though there are
> plenty of services which inquire upon it.
The problem is really that people attemt to use identd for things it is
not meant to solve. It is there for logging purposes, not for
authentication purpoes. It can be used for authentication from trusetd
machines (i.e. ones where the users are believed not to become root or the
equivalent). It is as trustworthy as the machine it is running on.
Identd is a very good way for us to find out which of our users who has
been misbehaving.
Peter
--
Peter Svensson ! Pgp key available by finger, fingerprint:
<petersv@df.lth.se> ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF
------------------------------------------------------------------------
Remember, Luke, your source will be with you... always...
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null