Re: Suggestion for improved identD

[Adrian Chadd <adrian () creative net au>]

Jon Lewis writes:
> On Tue, 19 May 1998, Ehud Gavron wrote:
>
> > Suggestion:  PPP access devices intercept identD requests
> >              and return the authenticated access string.
> >
> > Thoughts appreciated, as are comments, flames, blames, and anything
> > of some content.
>
> Not every dialup connection is a single end luser on a win95 box.  What
> about ISDN connections where there's a whole network of real computers and
> different users (on each computer)?  How does the NAS decide which
> connections to intercept for and which not to?  Even if you knew the
> username, what good will it do you 1000 miles away?  Those providers who
> care can fine the user if you tell them the IP and time of day.  Those who
> don't care won't care if you tell them "I was spammed by
> abc123 () yournets net".

Its more of blocking services.

When I implemented the forced ident setup, if a user had a static IP, then
the ident was passed through. Only if they were a dynamic IP dialup client
would the ident be forced.

The idea here is not to provide a username. Its to provide a method of
identifying a dialup user, in a way that doesn't change with each login.
Since most things already query ident, then why not go this path and make
ident 'trusted' on dynamic IP NAS connections?

Adrian