From owner-cvs-all  Fri Jul 14 12:45:31 2000
Delivered-To: cvs-all@freebsd.org
Received: from lucifer.ninth-circle.org (lucifer.bart.nl [194.158.168.74])
	by hub.freebsd.org (Postfix) with ESMTP
	id B332637BE97; Fri, 14 Jul 2000 12:45:20 -0700 (PDT)
	(envelope-from asmodai@lucifer.ninth-circle.org)
Received: (from asmodai@localhost)
	by lucifer.ninth-circle.org (8.9.3/8.9.3) id VAA70125;
	Fri, 14 Jul 2000 21:45:18 +0200 (CEST)
	(envelope-from asmodai)
Date: Fri, 14 Jul 2000 21:45:18 +0200
From: Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: Hajimu UMEMOTO <ume@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libutil realhostname.c
Message-ID: <20000714214518.C69824@lucifer.bart.nl>
References: <200007141808.LAA07166@freefall.freebsd.org> <Pine.NEB.3.96L.1000714142251.86137D-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <Pine.NEB.3.96L.1000714142251.86137D-100000@fledge.watson.org>; from rwatson@FreeBSD.org on Fri, Jul 14, 2000 at 02:26:20PM -0400
Organisation: VIA Net.Works The Netherlands
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

-On [20000714 20:35], Robert Watson (rwatson@FreeBSD.org) wrote:
>
>Nothing irritates me more than seeing "Invalid address" in wtmp, when DNS
>fails and login stamps that in.  How utterly useless.  In my mind, if we
>store one thing, it should be the IP address (v4 or v6 or whatever), and

Agreed.

>if two, then also the hostname at the time that the connection occurred.
>Furthermore, it would be nice if an authenticity parameter was present for
>both fields: (1) protection assuring that the IP was accurate (based on
>IPsec somehow), and (2) protection assuring the name for the IP was
>accurate (based on DNSsec).  I don't see either happening soon, but we can
>and should fix the incorrect/inappropriate use of wtmp and utmp.

DNSsec is still a problem due to the licensing if I understood Peter
Wemm correctly.  Corrections on this topic are very much welcome, I will
then pursue to make sure DNSsec gets imported and enabled.

>sshd currently puts IP addresses in the logs; we should change other
>programs to do the same.  And we should fix UT_HOSTSIZE. :-)

I agree very much.

-- 
Jeroen Ruigrok van der Werven          Network- and systemadministrator
<jruigrok@via-net-works.nl>            VIA Net.Works The Netherlands
BSD: Technical excellence at its best  http://www.via-net-works.nl
Only the good die young, all the evil seems to live forever...


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message