Le 4 mai 07 à 19:34, [EMAIL PROTECTED] a écrit :


Oh.  I though that pidentd was supposed to resolve UIDs locally.
That's one of the features of the protocol; it provides "here's who
*I* think the user is" information back to the requester.

Of course, that's why I thought IDENT was a fairly bogus mechanism
since you're asking the remote system to report on its own users and
someone who controls that machine can report whatever their heart
desires.

But that's precisely what you want! The people who say that have no
clue what it is for: it's to help the owner of the *system running
pidentd*; not the person who finds the identd entries in his logs.

In our case : several machines with a lot of untrusted users (I mean user who can try to do « nasty » things) it is a real need. The « remote » system is an inner system : a computer in a classroom, a server with a classroom of X terminals... Of course identd is not usefull when somebody connects from the outside world whith his linux box.

But can I hope that sun provide some support for such feature in a near future ? I would be happy to demonstrate what zones can do to our students in a secure way. Sharing kmem would not be a good solution to share the same server with students and secure tasks.

f.g._______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to