On Thu, 27 Jan 2005, Bruno Wolff III wrote:
>On Thu, Jan 27, 2005 at 12:22:06 -0500,
> Victor Danilchenko <danilche@cs.umass.edu> wrote:
>>
>> the solution was in disabling the 'result:encrypt' option
>> (setting it to 'no') in the /etc/identd.conf file. Once I did that,
>> IDENT started returning plaintext names instead of encrypted strings,
>> and clearly PostgreSQL ident client doesn't know how to handle encrypted
>> IDENT responses. Something to fix in the future release perhaps? or
>> maybe it's fixed already...
>
>When you encrypt names for ident, the other host isn't supposed to be
>able to figure out who is making the request. If the remote site has
>a problem they can give the string back to the connecting site's admins
>and then they can figure out who is causing problems.
>
>If you are actually using ident for authentication, you don't want to use
>the encrypted mode unless you are willing to modify applications so that
>they can decrypt the ident strings.
Aha. Gotcha. Thanks.
--
| Victor Danilchenko | When in danger or in doubt, |
| danilche@cs.umass.edu | run in circles, scream, and shout. |
| CSCF | 5-4231 | Robert Heinlein |
