> the general response I've gotten, frankly, is that IDENT is pretty
> useless and unreliable, but I ought to run it anyway, just in case
> someone finds it useful. That seems silly logic to me. I've never run
> an IDENT server on a machine, and this is the first time it's come up
> in any discussion, so it sure doesn't seem important. And I've talked
> to a number of TCP hacks about it since this came up, and most feel
> it's of limited usefulness and easy to spoof, and they think it's a
> mis-feature that it's on by default in sendmail.
I run ident and encourage people to do so. I've found it helpful in
tracking down user badness on mult-user UNIX machines. It's not at
all useful, of course, if the person doing the badness has root access,
is on a PC, etc.
Is ident going to catch the UberCracker? No. Is it reliable enough
evidence to shoot someone on the spot? No. Will it catch the slow
ones? Yes, and in a university environment and many others catching
the slow ones can make it worth the price of install.
Sheryl Coppenger SEAS Computing Facility Staff sheryl @
The George Washington University (202) 994-6853