hey folks, I keep seeing this on the internet "The user name lookup feature of TCP Wrappers uses identd to identify the username of the remote host. By default, this feature is disabled, as identd may appear hung when there are a large number of TCP connections." but I cant seem to find out how/where to enable said feature. Jason
On 10/14/2015 11:39 AM, Jason Welsh wrote:> hey folks, I keep seeing this on the internet > > "The user name lookup feature of TCP Wrappers uses identd to identify > the username of the remote host. By default, this feature is disabled, > as identd may appear hung when there are a large number of TCP > connections." > > but I cant seem to find out how/where to enable said feature.authd or identd has to be enabled on the CLIENTS, and its a completely untrustworthy system. the user information is sent in cleartext with no validation, and if the remote client is under someone elses control they can install a authd/identd that replies with anything they wish. in centos6, at least, to install and enable authd, do... # yum install authd .... # chkconfig auth on -- john r pierce, recycling bits in santa cruz
On 10/14/2015 11:39 AM, Jason Welsh wrote:> but I cant seem to find out how/where to enable said feature.See the man pages for hosts_options and hosts_access. It is rare for systems to support RFC 931 and common for firewalls to drop requests (creating long delays in connections), so user name lookup is probably only useful within a private network of systems that you control, on which you have enabled identd on each client system.
understood. this is just on a local network.. thanks for the info On 10/14/2015 03:20 PM, Gordon Messmer wrote:> On 10/14/2015 11:39 AM, Jason Welsh wrote: >> but I cant seem to find out how/where to enable said feature. > > See the man pages for hosts_options and hosts_access. It is rare for > systems to support RFC 931 and common for firewalls to drop requests > (creating long delays in connections), so user name lookup is probably > only useful within a private network of systems that you control, on > which you have enabled identd on each client system. > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos