brian <[EMAIL PROTECTED]> writes:
> Sheryl Coppenger <[EMAIL PROTECTED]> writes:
>> I run ident and encourage people to do so. I've found it helpful in
>> tracking down user badness on mult-user UNIX machines. It's not at all
>> useful, of course, if the person doing the badness has root access, is
>> on a PC, etc.
> When deciding whether to run ident or not, you should be concerned about
> how much use will it be to you. The rest of the Internet does not care,
> nor trust what your ident server tells them. They however should still
> consult it and pass the value returned on to you when identifying
> somebody at the other end of a connection. It is up to you, the ident
> server owner to decide what to do with that data, whether you can trust
> it, etc. That is the purpose of ident, to help the owner of the server,
> not anybody else.
I'd like to add to this that if you *do* run ident, you should make sure
it returns something that only you can interpret (like a UID) and
specifically does *not* return a username. Otherwise, the ident returns
will be collected when people on the system visit web sites and from there
will be used by spammers.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
