Hi Ed, Could you tell us how to fix the security problem mentioned in this CERT advisory your referring to?
Thanks!!! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ed Wilts Sent: Tuesday, January 08, 2002 9:05 AM To: [EMAIL PROTECTED] Subject: Re: identd: Who needs it? On Tue, Jan 08, 2002 at 06:16:55PM +0100, Emmanuel Seyman wrote: > On Tue, Jan 08, 2002 at 04:48:36PM +0100, Leonard den Ottolander wrote: > > > > > > What processes use identd? > > The RFC (sorry, forgot the number) for the protocol says it's only > used for the finger service. When I asked this list the same question > a while ago, I was told it's also used in irc servers. It's also used by ftp. Here's a quick dump from recent CERT advisory: "WU-FTPD can perform RFC 931 authentication when accepting inbound connections from clients. RFC 931 defines the Authentication Server Protocol, and is obsoleted by RFC 1413 which defines the Identity Protocol. RFC 931 is commonly known as "auth" or "authd", and RFC 1413 is commonly known "ident" or "identd". Both are named after the daemon that commonly provides the service. When using RFC 931 authentication, WU-FTPD will request ident information before authorizing a connection request from a client. The auth or ident service running on the client returns user-specific information, allowing WU-FTPD to make authentication decisions based on data in the ident response." Cheers, .../Ed -- Ed Wilts, Mounds View, MN, USA mailto:[EMAIL PROTECTED] _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
