[ ident lookups causing tcpd to be slow ]
> There's no satisfactory answer to this problem at present, I think.
umm, reading the manual?
man 5 hosts_access [on Debian Linux at least]
CLIENT USERNAME LOOKUP
When the client host supports the RFC 931 protocol or one
of its descendants (TAP, IDENT, RFC 1413) the wrapper pro--
grams can retrieve additional information about the owner
of a connection. Client username information, when avail--
able, is logged together with the client host name, and
can be used to match patterns like:
daemon_list : ... user_pattern@host_pattern ...
The daemon wrappers can be configured at compile time to
perform rule-driven username lookups (default) or to
always interrogate the client host. In the case of rule-
driven username lookups, the above rule would cause user--
name lookup only when both the daemon_list and the
host_pattern match.
So it's a compile option on tcpd. Recompile with it disabled.
David.
