On Thu, 06 Dec 2001 13:31:31 MST, Ryan Russell said: > That's ident, pretty standard stuff. It's a protocol designed to allow > the server machine to query the client for what username and uin is > connecting to it. It's intended to be a weak authentication scheme, > though it's basically useless, since it's info supplied by the client. *GAAAK*. No, No, No! Port 113 AUTH is *not* an authentication protocol. It has its roots in the older days of the Internet, when most hosts were still multi-user systems, and not being hijacked every 27 minutes by the worm du jour. The intent was that if *MY* system contacted yours, you could call back and get an identifying string, which was *NOT* for your use for authentication. It was a string that *later*, if there was a problem, you would give back to me, the sysadmin of the *source* machine, and from that, I would hopefully have an idea which of my users I needed to beat the snot out of. Of course, that idea dates back to the quaint notion that there might be packets on the net that weren't probes/attacks, and that things got done over the phone: "Hey Joe, could you talk to that user of yours about his program that went amuck?" "Sure, which user was it?"...
This archive was generated by hypermail 2b30 : Fri Dec 07 2001 - 14:16:03 PST