should identd be installed, or is it a security risk?
There are several possible answers to that:
1. Switching your computer on and connecting it to the internet is
a security risk. Don't do it.
2. identd is not inherently a security risk, but it does run as root
and is a daemon, and buffer overflows can hurt it if there are
buffer overflow conditions.
3. I have seen one system hacked via what could have been identd,
but I didn't have sufficient data to verify that.

Personally, I wouldn't bother with it. Not to say that I'd steer clear of it, but so few programs make any kind of use out of the information that identd provides these days that you're better off just rejecting (not dropping) the packets. Dropping the packets slows things down because programs like sendmail will hold off until they either get a connection refused or a timeout, which means that if you drop auth packets your system will take longer to send mail to remote systems.
will the firewall (SME 5.12) negate any advantages, or will identd weaken the firewall?
Neither.
I'd choose not to run identd but leave the port open in the firewall so that anyone attempting to connect to it gets a simple connection refused.
... Google produced mixed answers, and Mandrake 9.0 makes it even more fun by calling it pidentd, which may be different. (makes it hard to find, anyway) (not installed in a standard install)
pidentd is different to the original identd but it does the same thing.
http://www.lysator.liu.se/~pen/pidentd/
-- Del
-- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
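
The reject-versus-drop difference described in the reply above can be checked from another machine with a single TCP connect to the auth port. This is an added example, not part of the original post; the function name `probe_auth_port`, the state labels and the 5-second timeout are assumptions made for illustration.

```python
import errno
import socket
import sys
import time

AUTH_PORT = 113  # TCP port of the ident/auth service that identd answers on

# What each result means for a remote mailer that tries an ident lookup.
MEANING = {
    "open": "a daemon is listening (identd or pidentd is running)",
    "refused": "closed or rejected: callers fail fast and carry on",
    "rejected": "firewall answered with ICMP unreachable: callers fail fast",
    "filtered": "no answer (dropped): callers wait for their timeout",
}


def probe_auth_port(host, port=AUTH_PORT, timeout=5.0):
    """Attempt one TCP connect and return (state, elapsed_seconds)."""
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:      # a TCP RST came back
        state = "refused"
    except socket.timeout:              # nothing came back before the timeout
        state = "filtered"
    except OSError as exc:
        # ICMP unreachable replies surface as these errno values
        if exc.errno not in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            raise
        state = "rejected"
    finally:
        sock.close()
    return state, time.monotonic() - start


if __name__ == "__main__":
    # Run against a host you administer, from outside its firewall.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state, elapsed = probe_auth_port(target)
    print(f"{target}:{AUTH_PORT} {state} after {elapsed:.2f}s - {MEANING[state]}")
```

A result of "refused" or "rejected" within a fraction of a second matches the setup recommended above; "filtered" after the full timeout is the dropped-packet case that delays mail delivery.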
