identd is a small program that typically runs out of your inetd server. It keeps track of what user is running what TCP service, and then reports this to whoever requests it.

Many people misunderstand the usefulness of identd, and so disable it or block all off-site requests for it. identd is not there to help out remote sites. There is no way of knowing if the data you get from the remote identd is correct or not. There is no authentication in identd requests.

Why would you want to run it then? Because it helps you out, and is another data-point in tracking. If your identd is uncompromised, then you know it's telling remote sites the user-name or uid of people using TCP services. If the admin at a remote site comes back to you and tells you user so-and-so was trying to hack into their site, you can easily take action against that user. If you are not running identd, you will have to look at lots and lots of logs, figure out who was on at the time, and in general take a lot more time to track down the user.

The identd that ships with most distributions is more configurable than many people think. You can disable it for specific users (they can make a .noident file), you can log all identd requests (we recommend it), and you can even have identd return a uid instead of a user name, or even NO-USER.
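
The replies described above (a user name, a uid, or NO-USER) are lines in the ident protocol format of RFC 1413. As an added example, not part of the original text or of any identd distribution, this Python code parses such a reply as a remote admin might forward it to you and maps it back to a local account. The uid-to-name table PASSWD and the sample reply lines are constructed for illustration; on a real host the table would come from your own account database.

```python
import re
from typing import NamedTuple, Optional

# Error tokens defined by RFC 1413; HIDDEN-USER is the reply for an opted-out user.
ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}

class IdentReply(NamedTuple):
    server_port: int          # port on the machine running identd
    client_port: int          # port on the machine that sent the query
    opsys: Optional[str]      # e.g. "UNIX"; None for ERROR replies
    user: Optional[str]       # user name, or a uid as a digit string
    error: Optional[str]      # an error token, or None for USERID replies

_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")

def parse_reply(line: str) -> IdentReply:
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an ident reply: %r" % line)
    sport, cport = int(m.group(1)), int(m.group(2))
    if not (1 <= sport <= 65535 and 1 <= cport <= 65535):
        raise ValueError("port out of range")
    rest = m.group(4)
    if m.group(3) == "ERROR":
        err = rest.strip()
        if err not in ERRORS and not err.startswith("X"):  # X... = non-standard
            raise ValueError("unknown error token: %r" % err)
        return IdentReply(sport, cport, None, None, err)
    # USERID payload is "<opsys>[,<charset>] : <user-id>"; user-id may contain ':'
    opsys, sep, user = rest.partition(":")
    if not sep or not user.strip():
        raise ValueError("missing user-id")
    return IdentReply(sport, cport, opsys.split(",")[0].strip(), user.strip(), None)

def local_account(reply: IdentReply, passwd: dict) -> Optional[str]:
    """Map a reply that came from *our own* identd to a local account, or None."""
    if reply.error:
        return None
    if re.fullmatch(r"[0-9]+", reply.user):   # daemon set to return uids
        return passwd.get(int(reply.user))
    return reply.user if reply.user in passwd.values() else None

# Constructed sample data: uid -> name table and reply lines.
PASSWD = {1000: "alice", 1001: "bob"}
SAMPLES = ["4021, 23 : USERID : UNIX : alice", "4022,23:USERID:UNIX:1001",
           "4023 , 23 : ERROR : NO-USER", "4024, 23 : USERID : OTHER : a:b"]
```

A None result from local_account means the reply names no account you can act on from the reply alone, which is when the logs of identd requests become the fallback.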