"The Linux Gazette...making Linux just a little more fun!"

When AUTH is ident, not Authentication

From John Garetti on Tue, 18 Jan 2000

Hi. My name is John. Wondering if there is a way to tell the ftpd from Wash. Univ. to send authentication requests over the same port as the main ftp port. It seems to be using port 113 which is driving my router admin people up the wall.

Thx.

The FTP daemon is actually doing an "ident" request (which is laughingly called the "auth" protocol). Search any good engine on the string "identd" or the phrase "inetd daemon" for more details. For the real guts of it look at the RFC that describes it:

Identification Protocol

http://www.faqs.org/rfcs/rfc1413.html

This is not "authentication" like asking for a password or a key or anything like that. It just asks the remote system what username owns a given TCP socket and it is used for logging. Obviously the remote system might respond with anything. The result cannot be trusted unless the remote system is known to be secure and under the same administration as the FTP server.

Anyway you should be able to disable this behaviour and/or block the port. This is especially important if you plan to let MS Windows clients access this server (since they don't support the ident/auth protocol, but the attempts will cause significant connection delays).

WUFTP and authentication

From John Garetti on Tue, 18 Jan 2000

thx for the info.

Copyright © 2000, James T. Dennis
Published in The Linux Gazette Issue 50 February 2000

HTML transformation by Heather Stern of Starshine Technical Services, http://www.starshine.org/

					1	2	3	5
				5	6	7	8	9
10	11		13	14	15	16	17
18	19	20	21	22	23	24
26	27	28	29	30	31	32	33
34		36	37	38	39	42	41
42	43	44	45	46	47	48