Red Hat Bugzilla – Bug 82884
enable pidentd to bind to only the loopback adapter.
Last modified: 2015-01-07 19:03:12 EST
I would like to be able to tell pidentd to bind only to the loopback adapter.
Right now, the code is such that it binds to all IN_ANY, all adapters. That's
not good for security information -- for instance, postgres would like to be
able to use identd to authorize even local users. So I would like to run
pidentd on the loopback and disallow any information leaking through any other
It would be nice/better to be able to run identd from xinetd.
In general it would be a good documentation feature to explain the difference
between xinetd and sysv init style daemon startups AS WELL AS explain the
process of converting an application/service from one to the other.
Ya know, I would be interested in working on this, and in fact, I tried to
track the author down.
But I have received no word back from the author, and the mailing list addresses
bounce as well.
Do you know what the status of pidentd is and where development is taking place?
I'm moving this to UPSTREAM. Any install other than "no firewall" will block
access to the auth (113) port anyway, so as a workaround, the original bug
submitter should get the level of protection he/she wants.
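
The change requested in this bug, as an added example (not pidentd's code and not part of the original report): a TCP listener bound to INADDR_LOOPBACK instead of INADDR_ANY, with a getsockname() check that confirms which address the socket actually holds. The function names are hypothetical, and port 0 (a kernel-chosen ephemeral port) stands in for the auth port 113 so the program runs unprivileged.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: create a TCP listener on `addr` (host byte order).
 * INADDR_ANY listens on every interface; INADDR_LOOPBACK only on 127.0.0.1.
 * Returns the socket fd, or -1 on failure. */
int listen_on(uint32_t addr, uint16_t port)
{
    int one = 1;
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(addr);
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0 || listen(fd, 8) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Local address the socket is bound to (host byte order); all-ones on error. */
uint32_t bound_addr(int fd)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof sin;
    if (getsockname(fd, (struct sockaddr *)&sin, &len) < 0)
        return 0xFFFFFFFFu;
    return ntohl(sin.sin_addr.s_addr);
}

/* 1 if the listener is confined to 127.0.0.0/8, 0 otherwise. */
int is_loopback_only(int fd) { return (bound_addr(fd) >> 24) == 127; }

int main(void)
{
    int any = listen_on(INADDR_ANY, 0), lo = listen_on(INADDR_LOOPBACK, 0);
    printf("INADDR_ANY listener loopback-only: %d\n", is_loopback_only(any));
    printf("INADDR_LOOPBACK listener loopback-only: %d\n", is_loopback_only(lo));
    return 0;
}
```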