On Thu, Jan 27, 2005 at 12:22:06 -0500,
Victor Danilchenko <danilche@cs.umass.edu> wrote:
>
> the solution was in disabling the 'result:encrypt' option
> (setting it to 'no') in the /etc/identd.conf file. Once I did that,
> IDENT started returning plaintext names instead of encrypted strings,
> and clearly PostgreSQL ident client doesn't know how to handle encrypted
> IDENT responses. Something to fix in the future release perhaps? or
> maybe it's fixed already...
When you encrypt names for ident, the other host isn't supposed to be
able to figure out who is making the request. If the remote site has
a problem they can give the string back to the connecting site's admins
and then they can figure out who is causing problems.
If you are actually using ident for authentication, you don't want to use
the encrypted mode unless you are willing to modify applications so that
they can decrypt the ident strings.
