Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!rutgers!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.programmer
Subject: Re: Who's fingering me? (was Re: how to put a program into a .plan file)
Message-ID: <10092:Oct220:21:1590@kramden.acf.nyu.edu>
Date: 2 Oct 90 20:21:15 GMT
References: <JWZ.90Sep29231908@kolyma.lucid.com> <40190001@aspen.IAG.HP.COM>
Organization: IR
Lines: 23

In article <40190001@aspen.IAG.HP.COM> tai@aspen.IAG.HP.COM (Tai Jin) writes:
> >>	Is it possible to figure out who have fingered you?
> The finger protocol does not provide any information about the user
> who is doing the finger'ing.  The best you can do is log the host
> from which the finger originated and the target of the finger.

You can do better.

Just install attachport from my auth package and the finger daemon from
my authutil package. If the remote host supports RFC 931, you get the
username along with the remote address in the REMOTE environment
variable. As described in authutil's servers/README, you can add three
lines to the top of the daemon script to refuse connections from hosts
that don't support the authentication, if you want.

Do you think that knowing the remote username is useful? Encourage it by
taking measures like this. More and more hosts are supporting RFC 931
(e.g., by installing authtcp in my auth package); why don't you do your
part to make the Internet a better place?

auth and authutil were published in volume 22 of comp.sources.unix.

---Dan