ident is not of use to servers.

Erik Fair (bless his pointy little head) says that identd is pointless and potentially dangerous. He is, like many other people, confused about the purpose of identd. The ONLY reason (but ONLY) to run identd is to help identify your own users' abuse of remote servers.

Here's how it works: say that somebody wants to forge email on a multiuser machine under your control. All they need to do is telnet to the remote machine's smtp port, and start forging. But aha! This smtp server supports identd, and so do you. Their smtp server contacts your identd server and gets a token. It records that token in the Received: header.

If the person who received the email suspects forgery, or the email is abusive, they can complain to postmaster@yourhost, and forward the email. You can look at the Received: header and identify the user who sent the email.
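As an added illustration (not part of Russell Nelson's note), here is the RFC 1413 exchange as seen from the remote SMTP server's side: building the query it sends to your identd, parsing the reply, and turning the token into a Received: clause. The Received: clause format is an assumption loosely modelled on sendmail's "IDENT:user@host" style; the ports, hostnames and addresses are constructed samples.

```python
import re
from dataclasses import dataclass
from typing import Optional

# RFC 1413: the querying host sends "<port-on-server>, <port-on-client>" to
# TCP port 113 on the host running identd and gets back the same two ports
# followed by ": USERID : <opsys>[, <charset>] : <user-id>" or ": ERROR : <type>".
_REPLY = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:\s*(.*?)\s*$",
                    re.IGNORECASE)

@dataclass
class IdentReply:
    server_port: int        # port on the identd host (the SMTP client's local port)
    client_port: int        # port on the querying host (its SMTP port, 25)
    kind: str               # "USERID" or "ERROR"
    opsys: Optional[str]    # e.g. "UNIX"; None on ERROR
    token: str              # user-id on USERID, error type (e.g. NO-USER) on ERROR

def build_query(server_port: int, client_port: int) -> bytes:
    """Line the SMTP server writes to identd for the connection it accepted."""
    return f"{server_port}, {client_port}\r\n".encode("ascii")

def parse_reply(line: str) -> IdentReply:
    """Parse one identd reply line. The token is whatever the remote identd
    chose to say; only the admin of that host can map it back to a user."""
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"malformed ident reply: {line!r}")
    sport, cport, kind, rest = int(m[1]), int(m[2]), m[3].upper(), m[4]
    if kind == "USERID":
        # user-id may itself contain ':' so split only on the first one
        if ":" not in rest:
            raise ValueError("USERID reply without a user-id field")
        osinfo, user = rest.split(":", 1)
        opsys = osinfo.split(",", 1)[0].strip()  # drop the optional charset
        return IdentReply(sport, cport, kind, opsys, user.strip())
    return IdentReply(sport, cport, kind, None, rest.strip().upper())

def received_clause(reply: IdentReply, peer_host: str, peer_ip: str) -> str:
    """Assumed (not standard) Received: fragment that lets postmaster@yourhost
    identify the sending user when a forwarded complaint arrives."""
    if reply.kind == "USERID":
        return f"from {peer_host} (IDENT:{reply.token}@{peer_host} [{peer_ip}])"
    return f"from {peer_host} ([{peer_ip}])"

def demo() -> str:
    # Constructed exchange: 192.0.2.10 connected from port 6193 to our port 25,
    # and its identd answered with a UNIX user-id.
    build_query(6193, 25)
    reply = parse_reply("6193, 25 : USERID : UNIX : stjohns\r\n")
    return received_clause(reply, "mail.example.net", "192.0.2.10")
```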

Sounds like work, eh? Who wants more work? Well, these days people don't bother blocking single users anymore. They block entire hosts, or networks. Do you want your multiuser machine to be blocked from sending email? Of course not. It's worth it to you to keep your users from getting your multiuser machine denied service.

If this is NOT your situation, then by gum, don't even *think* about running identd, because it would do nothing for you except to slow you down. Don't bind anything to the port, and make sure that your firewall rejects ident queries rather than just dropping them on the floor.


Russell Nelson
Last modified: Fri Aug 30 14:28:58 EDT 2002