23 lines
1 KiB
Text
23 lines
1 KiB
Text
|
didentd is a modular RfC1423 (identd) server for FreeBSD and Linux written
|
||
|
|
with security in mind. The Server normally runs chrooted under /proc/net on
|
||
|
|
an unprivileged id.
|
||
|
|
|
||
|
|
Normally didentd does not send an username but an encrypted audit token to
|
||
|
|
the client. This token contains all information about the requested
|
||
|
|
connection: userid owning the connection, source ip:port, destination ip:port,
|
||
|
|
a timestamp.
|
||
|
|
|
||
|
|
If a remote admin has a complaint about something from your machine he can
|
||
|
|
send this audit token back to you, you can pipe it through didentd-decrypt
|
||
|
|
and find out which user did the connection. didentd-decrypt outputs all the
|
||
|
|
information from the audit token. So you can have the benefit of ident
|
||
|
|
without revealing internal information from your system.
|
||
|
|
|
||
|
|
There is also didentd-name which is a server returning the username of the
|
||
|
|
uid owning the requested connection. This is the classic ident approach.
|
||
|
|
|
||
|
|
didentd-static is a server which delivers a fixed reply defined by the
|
||
|
|
administrator to every request.
|
||
|
|
|
||
|
|
WWW: http://c0re.jp/c0de/didentd/
|