From owner-freebsd-net Fri Oct 20 7: 4: 2 2000
Delivered-To: freebsd-net@freebsd.org
Received: from klaki.net (klaki.net [130.208.195.10])
	by hub.freebsd.org (Postfix) with ESMTP id BD7A337B4D7
	for ; Fri, 20 Oct 2000 07:03:58 -0700 (PDT)
Received: (from bre@localhost)
	by klaki.net (8.9.3/8.9.3) id OAA26137
	for freebsd-net@FreeBSD.ORG; Fri, 20 Oct 2000 14:03:48 GMT
Date: Fri, 20 Oct 2000 14:03:47 +0000
From: Bjarni Runar Einarsson
To: freebsd-net@FreeBSD.ORG
Subject: Re: natd & identd cooperation? (and identd + jails)
Message-ID: <20001020140347.A25546@klaki.net>
References: <20001018184017.A1218@klaki.net> <20001019110110.C98924@sunbay.com> <20001019120511.A4555@sunbay.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 0.95.4i
In-Reply-To: <20001019120511.A4555@sunbay.com>; from Ruslan Ermilov on Thu, Oct 19, 2000 at 12:05:11PM +0300
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 2000-10-19, 12:05:11 (+0300) Ruslan Ermilov wrote:
> > I am working on implementing IDENT support for libalias(3) and (as a
> > consequence) for natd(8). Meanwhile, you can do it with inetd(8) as
> > follows:

I took a stab at the problem, and have implemented primitive support
within libalias for cooperation with oidentd.

The implementation uses my UDB library (http://bre.klaki.net/programs/udb/),
which allows the libalias app. and the ident server to share a table of
ip<->user and connection<->user or connection<->connection mappings.

The ident protocol doesn't by default allow user-land forwarding of
connections (machine A can't request info about connections between B
and C), but adding support for forwarded requests to an ident daemon is
relatively easy.

All in all, it works reasonably well - should I clean it up and share?

While hacking I found out that all this effort was not quite necessary
for a jailed environment like mine - an unmodified oidentd appears to
ident connections correctly already, as long as natd is instructed to
use the same ports. Using my libalias/UDB/oidentd hack is only useful
because it adds the option of assigning a single user name to a whole
jail.

-- 
Bjarni R. Einarsson                       PGP: 02764305, B7A3AB89
bre@netverjar.is         -><-         http://bre.klaki.net/

Netverjar against spam: http://www.netverjar.is/baratta/ruslpostur/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message