I would like to be able to tell pidentd to bind only to the loopback adapter. Right now, the code is such that it binds to all IN_ANY, all adapters. That's not good for security information -- for instance, postgres would like to be able to use identd to authorize even local users. So I would like to run pidentd on the loopback and disallow any information leaking through any other adapter.
It would be nice/better to be able to run identd from xinetd. In general it would be a good documentation feature to explain the difference between xinetd and sysv init style daemon startups AS WELL AS explain the process of converting an application/service from one to the other.
Ya know, I'd be interested in working on this, and in fact, I tried to track the author down. But I have received no word back from the author, and the mailing list addresses bounce as well. Do you know what the status of pidentd is and where development is taking place?
I'm moving this to UPSTREAM. Any install other than "no firewall" will block access to the auth (113) port anyway, so as a workaround, the original bug submitter should get the level of protection he/she wants.
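The difference between the all-adapters bind and the loopback-only bind asked for in the report, as an added example that is not pidentd's code or part of any comment above. The names `ident_listen` and `bound_to_loopback` are hypothetical, and the demo uses an ephemeral port because binding the auth port (113) needs root.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: open a TCP listener on bind_ip:port, return fd or -1.
 * "0.0.0.0" is INADDR_ANY (every adapter); "127.0.0.1" is loopback only. */
int ident_listen(const char *bind_ip, unsigned short port)
{
    struct sockaddr_in sin;
    int one = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    /* The address given to bind() decides which adapters accept connections. */
    if (inet_pton(AF_INET, bind_ip, &sin.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
        listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Returns 1 if fd is bound to 127.0.0.1, 0 if bound elsewhere, -1 on error. */
int bound_to_loopback(int fd)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    if (getsockname(fd, (struct sockaddr *)&sin, &len) < 0)
        return -1;
    return sin.sin_addr.s_addr == htonl(INADDR_LOOPBACK);
}

int main(void)
{
    /* Port 0 asks the kernel for a free port; a real identd would use 113. */
    int fd = ident_listen("127.0.0.1", 0);
    printf("loopback only: %d\n", bound_to_loopback(fd));
    if (fd >= 0) close(fd);
    return fd < 0;
}
```

A listener opened this way is unreachable from other hosts regardless of firewall state, which is the property the firewall workaround only approximates.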