Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!think.com!barmar
From: barmar@think.com (Barry Margolin)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: How widespread is RFC931 on the internet?
Message-ID: <1991Feb8.083450.26039@Think.COM>
Date: 8 Feb 91 08:34:50 GMT
References: <27b1bd10.20dc@uop.uop.edu>
Sender: news@Think.COM
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 27

In article <27b1bd10.20dc@uop.uop.edu> nsayer@uop.edu (Nick Sayer) writes:
>We've just put in an RFC931 authd daemon on our system.
>Some experimental connection attempts to other sites'
>auth ports resulted in refused connections, which
>leads me to believe that not many sites have authd
>set up. Is this the case?

Seems pretty likely. Authd may not be trivial to implement without
modifying the TCP implementation. For instance, on BSD Unix it would have
to grovel through the kernel's socket table, then search through all the
process file tables looking for references to the socket; also, more than
one process may have the same socket open, and the processes may be running
under different userids, so it's not clear which userid should be returned.

>I am considering hacking the in.telnetd at our site
>so that it will insist on having authd set up at
>sites telneting in, but if not many sites have an
>auth daemon running, there's not much point.

I think this idea is misguided. The RFC931 protocol is extremely insecure;
if the remote host isn't secure, the returned information isn't very
reliable. This is probably another reason why no one implements RFC931.

--
Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar
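
The lookup described in the post above, as an added example that is not part of the original post or of any real authd: a model of a socket table and per-process file tables showing how one connection can map to several userids. The table contents, the "UNIX" system name, and the choice to answer an ambiguous owner with UNKNOWN-ERROR are assumptions of this example; the reply strings follow the RFC 931 layout.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Socket:
    sock_id: int        # stands in for the kernel's socket structure address
    local_port: int
    remote_host: str
    remote_port: int

@dataclass(frozen=True)
class Process:
    pid: int
    uid: str
    open_files: tuple   # socket ids referenced from this process's file table

# Constructed sample tables (not taken from any real system).
SOCKETS = [
    Socket(1, 6191, "10.0.0.5", 23),
    Socket(2, 6193, "10.0.0.5", 23),
    Socket(3, 6195, "10.0.0.5", 23),   # no process references this one
]
PROCESSES = [
    Process(100, "alice", (1,)),
    Process(101, "bob", (2,)),         # socket 2 is shared, e.g. inherited
    Process(102, "root", (2,)),        # across a fork by a different uid
]

def owners(local_port, remote_host, remote_port):
    """Sorted uids of every process holding the matching socket; [] if none."""
    for s in SOCKETS:
        if (s.local_port, s.remote_host, s.remote_port) == (
                local_port, remote_host, remote_port):
            # Second pass: scan every process file table for this socket.
            return sorted({p.uid for p in PROCESSES
                           if s.sock_id in p.open_files})
    return []

def reply(local_port, remote_host, remote_port, opsys="UNIX"):
    """Build the reply line; remote_host is the peer address of the query."""
    pair = f"{local_port}, {remote_port}"
    uids = owners(local_port, remote_host, remote_port)
    if not uids:
        return f"{pair} : ERROR : NO-USER"
    if len(uids) > 1:
        # Assumed policy: refuse to pick one owner when several uids share it.
        return f"{pair} : ERROR : UNKNOWN-ERROR"
    return f"{pair} : USERID : {opsys} : {uids[0]}"
```

Whatever string comes back is produced entirely by the answering host, so the receiver has no way to verify it.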