[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
/dev/pf perms and oidentd non-privileged
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: /dev/pf perms and oidentd non-privileged
- From: David Wollmann <dwollmann_(_at_)_puttybox_(_dot_)_com>
- Date: Thu, 25 Jul 2002 14:14:44 -0500
I need a NAT-compatible identd due to the fact that I'm on a cable
network with a bad reputation for failing to smack down kiddies who
abuse IRC servers.
In the past I've used oidentd on a linux-based firewall to supply this
service. Since I've switched to OpenBSD on the firewall, I'd like to use
oidentd there, but when run oidentd is run with non-privileged uid/gid
it returns 'ERROR : NO-USER' for all NAT'd requests. Looking at the
oidentd source, I'm guessing this is due to the failed read/write open
of /dev/pf when oidentd tries to service a NAT'd request.
Unless I'm mistaken, /dev/pf must be owned root:wheel, so a special
group and /dev/pf with group r/w perms is out of the question (please
correct me if I'm wrong).
Other than fixing the oidentd code, is there a reasonably safe
workaround for this problem, or is there a "safer" identd that supports