Question about ident service
in [Java Programming]
|
Prev: NEw Way On Ur Mobile
Next: Placement of Constants
From: steen on 24 May 2010 09:23 On 24 Maj, 01:24, Tom Anderson <t...(a)urchin.earth.li> wrote: > Shouldn't be. The ident daemon should take care of it all. Are you making > the java and telnet connections from the same machine? Is it possible > there isn't an ident daemon running on the machine where the java program > is running? Well the tests (the java and the telnet) are run from the same machine, so the ident daemon is running. It just wont give a response when the connection is made from java. > This is slightly shocking, given that ident offers about as much security > as crypt. I know, but unfortunately I have to connect to a legacy system, where replacing that is out-of-scope for my current task. /Steen
From: steen on 24 May 2010 09:27 On 24 Maj, 01:36, "John B. Matthews" <nos...(a)nospam.invalid> wrote: > Not one of which I'm aware. Hm, not the answer I was hoping for..;) > I assume you are using java.net.ServerSocket to implement the server. > IIUC, such a server would have to implement RFC1413 explicitly. I don't > know of an existing Java implementation. Well the server part is an old legacy system, but I would expect that the server implements RFC1413 since it gets an ident response when I connect using telnet. /Steen
From: John B. Matthews on 24 May 2010 10:52 In article <e648f20c-2ccf-4f81-917f-d23ca2c506d1(a)z17g2000vbd.googlegroups.com>, steen <steen(a)jost.dk> wrote: > On 24 Maj, 01:36, "John B. Matthews" <nos...(a)nospam.invalid> wrote: > > Not one of which I'm aware. > Hm, not the answer I was hoping for..;) > > > I assume you are using java.net.ServerSocket to implement the server. > > IIUC, such a server would have to implement RFC1413 explicitly. I don't > > know of an existing Java implementation. > > Well the server part is an old legacy system, but I would expect that > the server implements RFC1413 since it gets an ident response when I > connect using telnet. Is your Java client sending the correct query request to the server, as specified in section 4 of the RFC? 4. QUERY/RESPONSE FORMAT <http://www.faqs.org/rfcs/rfc1413.html> -- John B. Matthews trashgod at gmail dot com <http://sites.google.com/site/drjohnbmatthews>
From: steen on 24 May 2010 13:27 On May 24, 4:52 pm, "John B. Matthews" <nos...(a)nospam.invalid> wrote: > Is your Java client sending the correct query request to the server, as > specified in section 4 of the RFC? > > 4. QUERY/RESPONSE FORMAT > > <http://www.faqs.org/rfcs/rfc1413.html> Well, I've tried to run a tcpdump on the test machine to see what goes on, and I can see that the ftp server does ask the ident-daemon for an ident, but when I connect to the server from java, the response is NO-USER. You can see the relevant tcpdump output here: http://pastebin.com/McJFb4nD The first 2 entries are when I connect to the ftp-server using telnet and the resonse is as expected. The last 2 entries are when I connect from java, and the response is NO-USER. Any thoughts ? /Steen
From: Tom Anderson on 24 May 2010 15:04
On Mon, 24 May 2010, steen wrote: > On May 24, 4:52�pm, "John B. Matthews" <nos...(a)nospam.invalid> wrote: > >> Is your Java client sending the correct query request to the server, as >> specified in section 4 of the RFC? >> >> 4. QUERY/RESPONSE FORMAT >> >> <http://www.faqs.org/rfcs/rfc1413.html> > > Well, I've tried to run a tcpdump on the test machine to see what goes > on, and I can see that the ftp server does ask the ident-daemon for an > ident, but when I connect to the server from java, the response is > NO-USER. > > You can see the relevant tcpdump output here: http://pastebin.com/McJFb4nD > > The first 2 entries are when I connect to the ftp-server using telnet > and the resonse is as expected. > > The last 2 entries are when I connect from java, and the response is > NO-USER. > > Any thoughts ? 1. Try a unix and/or networking group as well as this one; i doubt this is a java problem per se. 2. What user are you running the java program as? root? 3. Does anyone have a .noident file in their home directory? 4. What does netstat --inet -lp | grep $JAVA_PROGRAM_PID say while the connection is open? Anything weird? 5. Has the java program sent anything over the socket at this point? Is it definitely still open? I wonder if identd can't work out the owner of a socket if it either hasn't been properly initialised yet (and there's some kind of lazy initialisation going on under the hood) or it's already been shut down. 6. If you're on linux, try running identd under strace and looking for calls to sysctl - assuming you have a recent version of identd, that's how it retrieves information about connections. If you're not, then there should be some other combination of tracer and system call that does the equivalent. There may be something in the output from that that indicates why it doesn't spill the beans on the java program's connection. tom -- For the first few years I ate lunch with he mathematicians. I soon found that they were more interested in fun and games than in serious work, so I shifted to eating with the physics table. There I stayed for a number of years until the Nobel Prize, promotions, and offers from other companies, removed most of the interesting people. So I shifted to the corresponding chemistry table where I had a friend. At first I asked what were the important problems in chemistry, then what important problems they were working on, or problems that might lead to important results. One day I asked, "if what they were working on was not important, and was not likely to lead to important things, they why were they working on them?" After that I had to eat with the engineers! -- R. W. Hamming |