nsayer@uop.edu (Nick Sayer) (02/08/91)
We've just put in an RFC931 authd daemon on our system. Some experimental connection attempts to other sites' auth ports resulted in refused connections, which leads me to believe that not many sites have authd set up. Is this the case?

For those of you unfamiliar with the concept, it allows a system on one end of a TCP stream to ask the system on the other end what user (by user ID string) is responsible for the stream. For example, if a user telnets to some site and manages to break into someone's account, a record could be made not only of the site from where he came, but the account he came from. This makes the potential audit trail a little easier to follow.

I am considering hacking the in.telnetd at our site so that it will insist on having authd set up at sites telneting in, but if not many sites have an auth daemon running, there's not much point.

--
Nick Sayer              | Disclaimer: "Don't try this at home, | RIP: Mel Blanc
mrapple@quack.sac.ca.us | kids. This should only be done by    | 1908-1989
N6QQQ [44.2.1.17]       | trained, professional idiots."       | May he never
209-952-5347 (Telebit)  | --Plucky Duck                        | be silenced.
barmar@think.com (Barry Margolin) (02/08/91)
In article <27b1bd10.20dc@uop.uop.edu> nsayer@uop.edu (Nick Sayer) writes:
>We've just put in an RFC931 authd daemon on our system.
>Some experimental connection attempts to other sites'
>auth ports resulted in refused connections, which
>leads me to believe that not many sites have authd
>set up. Is this the case?

Seems pretty likely. Authd may not be trivial to implement without modifying the TCP implementation. For instance, on BSD Unix it would have to grovel through the kernel's socket table, then search through all the process file tables looking for references to the socket; also, more than one process may have the same socket open, and the processes may be running under different userids, so it's not clear which userid should be returned.

>I am considering hacking the in.telnetd at our site
>so that it will insist on having authd set up at
>sites telneting in, but if not many sites have an
>auth daemon running, there's not much point.

I think this idea is misguided. The RFC931 protocol is extremely insecure; if the remote host isn't secure, the returned information isn't very reliable. This is probably another reason why no one implements RFC931.

--
Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar
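The query/reply exchange that both posts discuss, as an added example that is not code from either poster: a querying side (Nick's in.telnetd case) builds the "<port-on-server>, <port-on-client>" request and parses the authd reply, checking that the echoed port pair matches the connection it asked about and, in line with Barry's objection, recording the returned user ID as a claim made by the remote host. The function names and the sample reply line are constructed for this example.

```python
import re

# Reply grammar as the thread describes it: the queried host echoes the port
# pair, then answers "USERID : <opsys> : <user-id>" or "ERROR : <error-type>".
# The error types are the ones named in RFC 931.
_REPLY = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:\s*(.*?)\s*$")
ERROR_TYPES = {"INVALID-PORT", "NO-USER", "UNKNOWN-ERROR"}

# Constructed sample: in.telnetd (local port 23) asks about a connection whose
# remote source port is 6191, and the remote authd answers.
SAMPLE_QUERY_PORTS = (23, 6191)
SAMPLE_REPLY = b"23, 6191 : USERID : UNIX : nsayer\r\n"


def build_query(server_port: int, client_port: int) -> bytes:
    """Query sent to the remote auth port: '<port-on-server>, <port-on-client>'."""
    for port in (server_port, client_port):
        if not 1 <= port <= 65535:
            raise ValueError("port out of range")
    return f"{server_port}, {client_port}\r\n".encode("ascii")


def parse_reply(line: bytes, server_port: int, client_port: int) -> dict:
    """Parse one reply; the user-id is only as trustworthy as the remote host."""
    if len(line) > 512:
        raise ValueError("reply too long")
    match = _REPLY.match(line.decode("ascii").rstrip("\r\n"))
    if match is None:
        raise ValueError("malformed reply")
    echoed = (int(match.group(1)), int(match.group(2)))
    if echoed != (server_port, client_port):
        # A reply about some other connection must not be attributed to this one.
        raise ValueError("reply does not match the queried port pair")
    kind, rest = match.group(3), match.group(4)
    if kind == "ERROR":
        if rest not in ERROR_TYPES:
            raise ValueError(f"unknown error type {rest!r}")
        return {"status": "ERROR", "error": rest}
    # USERID reply: "<opsys> : <user-id>"; split on the first colon only, so a
    # colon inside the user-id field is kept as part of the claimed name.
    opsys, sep, userid = rest.partition(":")
    if not sep or not userid.strip():
        raise ValueError("USERID reply lacks the opsys or user-id field")
    return {"status": "USERID", "opsys": opsys.strip(), "userid": userid.strip()}


if __name__ == "__main__":
    print(build_query(*SAMPLE_QUERY_PORTS))
    print(parse_reply(SAMPLE_REPLY, *SAMPLE_QUERY_PORTS))
```

The parsed userid belongs in the audit log next to the source address, not in any access decision, since nothing in the exchange lets the querying side verify it.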