Bug#21566: -ALLOW_NONIDENT_ACCESS may be dodged by .noident


Thomas Gebhardt (gebhardt@HRZ.Uni-Marburg.DE)
Thu, 23 Apr 1998 17:36:29 +0300


Package: cfingerd
Version: 1.3.2-8
Severity: Wishlist

Hi,

I think that cfingerd should not only look whether an identd is
running but rather whether it really can get the user information
from the remote host.

If the identd on the remote host is started with the option "-N",
a user can hide by a ".noident" file and nevertheless gets
an answer from cfingerd. Such requests are logged like

Finger from @host.hrz.uni-marburg.de at Thu Apr 23 17:03:02 1998

by cfingerd.

Cheers, Thomas



This archive was generated by hypermail 2.0b3 on Sun Aug 08 1999 - 10:46:58 CEST