1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
S/Ident
Secure/Ident - Version 3.4
Written by Booker C. Bense <bbense@stanford.edu>
Currently maintained by Russ Allbery <rra@stanford.edu>
Copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 Board of
Trustees, Leland Stanford Jr. University. This software is distributed
under a BSD-style license. Please see the section LICENSE below for
terms of use and redistribution.
Portions based on source from Peter Eriksson <pen@lysator.liu.se>
contained in the libident library, released into the public domain.
Portions based on code copyright (c) 1994-2000 Carnegie Mellon
University. This product includes software developed by Computing
Services at Carnegie Mellon University (http://www.cmu.edu/computing/).
DESCRIPTION
This is a program that implements the S/Ident protocol proposed by
Robert Morgan <morgan@stanford.edu>. It is based on the RFC1413
identification protocol but attempts to conduct the identification
transaction in a secure manner.
The code is based on the pidentd/libident code from Peter Eriksson
<pen@lysator.liu.se> with the SASL-like kerberos exchange based on
code from CMU's imapd-1.4 release.
Currently, the code only supports Kerberos v4 and Kerberos v5 as
security methods.
For the specification of the protocol that this implementation attempts
to follow, see doc/draft-morgan-ident-ext-04.txt.
REQUIREMENTS
S/Ident uses Kerberos for authentication, and therefore requires
Kerberos libraries to compile. It has primarily been tested with stock
Kerberos v4 libraries and with the Kerberos v4 compatibility libraries
included with MIT Kerberos v5, but it should also compile against the
Heimdal libraries.
The S/Ident responder has to grovel through the kernel in order to
determine which user corresponds to a given network connection, and is
therefore extremely sensitive to changes in the operating system
kernel. Among other things, this means that it will likely need to be
recompiled with each new release of an operating system, and will need
to be built by a 64-bit compiler to run on 64-bit Solaris.
The platform has to be among the platforms for which there are available
pident kernel modules. It has been tested and verified working on:
AIX 4.3
IRIX 6.5
Linux 2.x
Digital Unix / Tru64 4.0f
Solaris 2.6, 7, 8, and 9 (32-bit)
Solaris 8 and 9 (64-bit)
The kernel modules are available for all of:
AIX 4.1, 4.2, and 4.3
IRIX 4.x, 5.x, and 6.x
Linux 2.x
NeXTSTEP 3
Digital Unix / Tru64 4.x and 5.x
Solaris 2.5, 2.6, 7, 8, and 9
but the other platforms have not been tested in some time. The compiler
used for testing was GCC in all cases except for the 64-bit Solaris
builds, where Forte 6 was used.
Note that this list does not contain HP-UX, nor has this code been
tested on any BSD system, although there is a generic BSD kernel module
available.
LICENSE
Copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 Board of
Trustees, Leland Stanford Jr. University.
Portions based on source from Peter Eriksson <pen@lysator.liu.se>
contained in the libident library, released into the public domain.
Portions based on code copyright (c) 1994-2000 Carnegie Mellon
University.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name "Carnegie Mellon University" must not be used to endorse or
promote products derived from this software without prior written
permission. For permission or any legal details, please contact
Office of Technology Transfer
Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, PA 15213-3890
(412) 268-4387, fax: (412) 268-7395
tech-transfer@andrew.cmu.edu
4. Redistributions of any form whatsoever must retain the following
acknowledgment:
"This product includes software developed by Computing Services
at Carnegie Mellon University (http://www.cmu.edu/computing/)."
STANFORD UNIVERSITY AND CARNEGIE MELLON UNIVERSITY DISCLAIM ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL STANFORD
UNIVERSITY OR CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL,
INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
