AFAIK, the server daemons do an ident lookup on the
CLIENT's port 113, for the CLIENT's ident. The SERVER
does an ident lookup on the CLIENT. the SERVER doesn't
need an identd daemon running. the CLIENT needs it.
the daemon (ftp or telnet) does the lookup for its own
info, which AFAIK can be logged and analysed later. If
the ident lookup fails, which may happen if there
isn't an ident server running on the CLIENT, the
daemon goes on. The server is searching for the ident;
the reason is that u're not running an ident server,
and it can't find u're ident. If u've ever run an IRC
server, and enabled ident auth, like the mit irc
servers do, then u're IRC log files will have the IP
of all the clients (all the IRC users) and their
idents, along with hostname+domain names. the ident
names are got from the CLIENT's identd daemon. the
hostname etc. is got from RDNS lookups. I hope it is
clear. 

bottomline: the wait before a ftp or telnet session is
cuz the server is doing an ident lookup on the client
if the client's ip is not listed in the server's hosts
file. the wait can be prevented by adding the client's
IP in the server's hosts file, or by running an identd
on the client.

would the oth' gurus on this list care to say
something about this?

--- Shanker <[EMAIL PROTECTED]> wrote:
> Nick Hill wrote:
> 
> > AFAIK, the identd server doesn't do the lookups.
> 
> identd uses the local resolver (/lib/libresolv.so?)
> to do the lookup.
> That was a slip.
> 
>       <---------updated--------->
> Every time a host tries to use the services provided
> by the Linux server like telnet or FTP, the Linux
> server tries to look up the name of the user who wants
> to use the service. This lookup is done by the identd
> protocol server running on the Linux machine using the
> local resolver.
>       </---------updated--------->
> 
> > The CLIENT has to be running a server on port 113 (IIRC).
> 
> But i have not seen other OS's (like win) listening
> on port 113.
> 

that's the exact reason for the delay. try to run an
ident server, thru something like an IRC client like
mirc, or pirch, which provide an ident server.

> > The identd server is for the client to identify itself
> > to the server.
> 
> <man identd>
> identd operates by looking up specific TCP/IP connections
> and returning the user name of the process owning the
> connection. It can optionally return other information
> instead of a user name.
> </man identd>
> 

exactly. this happens on the client side. NOT on the
server side.

> I thought authentication was more relevant from the
> server's point of view than the connecting client's.
> 

it is. the server authenticates (if u want to put it
that way) the client by checking its ident. ident is
not a good way to auth. it's just for log purposes... i
guess u can auth a client by checking their ident, and
trying to match it with an RDNS lookup.

> AFAIK, to get the user name of the connecting user,
> identd must be running both on the client's side as
> well as on the server's side.
> 

m sorry u're mistaken here. to get the HOSTNAME (not
username), an identd must be running on the client.

> I didn't quite get that point. You mean to say that
> ftp/telnet
> will identify the user internally w/o identd running
> on the server.
> 

identd is NOT a user auth. it's a HOST checking
mechanism. like i can be ANY user on a single HOST.
all identd checks is the name of the machine. It can
be ANY user on the machine.

> Yes, but the problem here is that on a local
> network, where there are
> no entries for the hosts in either the hosts table
> or via a local DNS
> server, you face a delay of under a minute.
> 

u either run an identd server on EACH machine or list
them in the hosts file. AFAIK, there isn't any other
way to prevent the delays... 

> Hey Nick, now i am confused too. What is the point
> that you are
> trying to raise?

IDENTD has to run on CLIENT. NOT SERVER. :)

Nikhil.
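
The lookup this message describes, as an added Python example (not code from the thread or from any ftp/telnet daemon): the server connects to the CLIENT's port 113, sends an RFC 1413 query, and gives up after a bounded timeout instead of stalling the login. The function names, the sample replies and the 3-second timeout are assumptions made for illustration.

```python
import socket

IDENT_PORT = 113  # RFC 1413 "auth" service, the port discussed in the thread


def build_query(port_on_client, port_on_server):
    # RFC 1413 query: the port on the machine running identd (the client)
    # comes first, then the port on the machine asking (the server).
    return f"{port_on_client} , {port_on_server}\r\n".encode("ascii")


def parse_reply(line):
    """Parse '<ports> : USERID : <opsys> : <user>' or '<ports> : ERROR : <why>'."""
    # maxsplit=3 keeps any ':' inside the user field intact
    parts = [p.strip() for p in line.strip().split(":", 3)]
    if len(parts) == 4 and parts[1].upper() == "USERID":
        return {"ok": True, "opsys": parts[2], "user": parts[3]}
    if len(parts) >= 3 and parts[1].upper() == "ERROR":
        return {"ok": False, "error": parts[2]}
    return {"ok": False, "error": "MALFORMED"}


def ident_lookup(client_ip, client_port, server_port, timeout=3.0):
    """Ask the CLIENT's identd who owns the connection; None if nothing answers."""
    try:
        with socket.create_connection((client_ip, IDENT_PORT), timeout=timeout) as s:
            s.sendall(build_query(client_port, server_port))
            data = s.recv(1024)  # RFC 1413 replies are a single short line
    except OSError:
        # Refused, filtered or timed out: no identd reachable on the client.
        return None
    return parse_reply(data.decode("latin-1")) if data else None


if __name__ == "__main__":
    # Constructed replies in RFC 1413 format, not captured traffic.
    samples = (
        "40000 , 21 : USERID : UNIX : alice\r\n",
        "40000 , 21 : ERROR : NO-USER\r\n",
    )
    for reply in samples:
        print(parse_reply(reply))
```

The user name in the reply is whatever the client's identd chooses to send, so it is suitable for a log entry and not for an access decision.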



-----------------------------------------------------------------------
For more information on the LIH mailing list see:
http://lists.linux-india.org/lists/LIH
