Who's fingering me? (was Re: how to put a program into a .plan file)
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Wed Oct 3 06:21:15 AEST 1990
In article <40190001 at aspen.IAG.HP.COM> tai at aspen.IAG.HP.COM (Tai Jin) writes:
> >> Is it possible to figure out who have fingered you?
> The finger protocol does not provide any information about the user
> who is doing the finger'ing. The best you can do is log the host
> from which the finger originated and the target of the finger.
You can do better.
Just install attachport from my auth package and the finger daemon from
my authutil package. If the remote host supports RFC 931, you get the
username along with the remote address in the REMOTE environment
variable. As described in authutil's servers/README, you can add three
lines to the top of the daemon script to refuse connections from hosts
that don't support the authentication, if you want.
Do you think that knowing the remote username is useful? Encourage it by
taking measures like this. More and more hosts are supporting RFC 931
(e.g., by installing authtcp in my auth package); why don't you do your
part to make the Internet a better place?
auth and authutil were published in volume 22 of comp.sources.unix.
---Dan
More information about the Comp.unix.programmer
mailing list