Running the auth server (identd) also helps to discourage homegrown spammers. The identification daemon monitors port 113. If it gets a request from a remote system, it tells that system the name of the user running the current connection process to that system. This allows remote mail servers to put a real username on the Received: header in incoming e-mail.
Some security experts shy away from identd because it sends local usernames to remote systems. However, hiding usernames does not provide any real security, so using identd to provide the name of the user running a process is a minimal risk. Red Hat even includes an encrypting version of identd, called pidentd, with a distribution that further minimizes the risk. pidentd encrypts outgoing identd responses with a secret key. In normal usage, this ends up being just gibberish to the remote site, which ensures that remote sites can't use the identd response to harvest username. But if a security incident occurs, the remote system administrator can come to you, and after you determine that the request is legitimate, you can decrypt the string and track down the problem user.
Was this article helpful?