It seems like on Thu, May 18, 2000 at 09:53:47AM -0700, Bob George scribbled: Orig Msg> > auth stream tcp nowait.32768 nobody /usr/sbin/in.identd Orig Msg> in.identd -l -e -o -i -n Orig Msg> Orig Msg> Why run auth, or are there users on the firewall itself using IRC and such? Some places configure their servers to drop connections if they do not see an identd connection. Others seem to hang while waiting for identd to time out. See "man identd" for what the switch settings do. The MagusNet Public Proxy ( http://www.magusnet.com/proxy.html ) uses identd for some procedures in-house so I keep it in place for that as well. That is why I have the nowait.32768 added. The proxy runs as nobody/UID( 99 ) and that is what most of my identd responses would return. Orig Msg> Wouldn't they be behind the firewall? Yes, and identd at the firewall in my config does not reveal much of anything about any data connection since there are no pieces of user data available for identd to return. Orig Msg> > cfinger stream tcp nowait root /usr/sbin/tcpd /bin/cat Orig Msg> /home/frenchie/Mail/info Orig Msg> > finger stream tcp nowait root /usr/sbin/tcpd /bin/cat Orig Msg> /home/frenchie/Mail/info Orig Msg> Orig Msg> So what's in /home/frenchie/Mail/info? While cat is probably not a risk, Orig Msg> does it need to run as root? You are right it does not need to be run as root. It is something I haven't thought about...good catch. The 2 services above used to be managed by my proxy server software. I changed them out a while back and obviously missed something that I should have gone back and reviewed. Proof that even when you know what you are doing it is easy to make the silliest of mistakes. Anyway, the config above returns the same file regardles of what address you finger inside the [francois|magusnet].[com|gilbert.az.us] domains. Because I have a hybrid filtering firewall / proxy server setup I have done some oddball things to get the config where it is today. Thanks for the review. JLF Sends... Behold, the Internet is the greatest sum of information at mankind's fingertips since the Library of Alexandria. Despite this vast storehouse of knowledge at our disposal, there are still those that will send urban legend and blatantly false information to mailing lists and newsgroups without making even the slightest effort to check their legitimacy. At every occurance this proves to me that every node,wire, and server I help connect to the Internet to widen its expanse for the benefit of the masses is a complete waste of time. ( J. Francois )