[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

/dev/pf perms and oidentd non-privileged

I need a NAT-compatible identd due to the fact that I'm on a cable
network with a bad reputation for failing to smack down kiddies who
abuse IRC servers.

In the past I've used oidentd on a linux-based firewall to supply this
service. Since I've switched to OpenBSD on the firewall, I'd like to use
oidentd there, but when run oidentd is run with non-privileged uid/gid
it returns 'ERROR : NO-USER' for all NAT'd requests. Looking at the
oidentd source, I'm guessing this is due to the failed read/write open
of /dev/pf when oidentd tries to service a NAT'd request.

Unless I'm mistaken, /dev/pf must be owned root:wheel, so a special
group and /dev/pf with group r/w perms is out of the question (please
correct me if I'm wrong).

Other than fixing the oidentd code, is there a reasonably safe
workaround for this problem, or is there a "safer" identd that supports


David Wollmann
ICQ: 10742063

Visit your host, monkey.org