the kernel can make identd queries with

setenv("remote_port", "123", 1);
setenv("local_port", "456", 1);
popen("echo $remote_port, $local_port|nc localhost 113|sed 's,.*:,,'", "r");


i have a diff to change chroot(1) so that it documents the need:

+.Sh
+needs nc and sed in the chroot for pf usage
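
Review bot: the added `.Sh` line has no section title, and mdoc(7) section macros take a name, so give it one (CAVEATS would fit) or move the sentence under an existing section. The second added line should also be a complete sentence saying that nc and sed must be present inside the chroot for pf usage.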

or alternatively identc can be implemented as a kernel module

identd responses could be cached for 5 minutes and invalidated when
the remote host does adduser, or vipw

On Wed, Aug 14, 2013 at 6:55 PM, Henning Brauer
<[email protected]> wrote:
> * Maxim Khitrov <[email protected]> [2013-08-14 22:51]:
>> On Wed, Aug 14, 2013 at 3:14 PM, Mike Belopuhov <[email protected]> wrote:
>> > unless a local socket is found, user or group check will not be performed.
>> That doesn't make sense to me. Are you saying that a user/group
>> condition is ignored in some cases? That sounds like a bug in itself.
>
> think it through: how do you look up the user owning the socket on a
> remote machine?
>
> --
> Henning Brauer, [email protected], [email protected]
> BS Web Services GmbH, http://bsws.de, Full-Service ISP
> Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
> Henning Brauer Consulting, http://henningbrauer.com/
