Question about ident service

[steen]

Hey,

I got a quick question regarding java code and ident service.

If I just do a quick Socket connection to an ftp server, like
Socket s = new Socket("127.0.0.1", 1234);
the ftp-server doesnt receive an ident response, but if I from a
prompt do a
telnet 127.0.0.1 1234
the ftp-server does get an ident response.

Can anyone point me to any info which can explain to me why that is
and
how I can get the ident response to work when connection from java
also ?

Thanks in advance
Steen

 

[John B. Matthews]

I got a quick question regarding java code and ident service.

If I just do a quick Socket connection to an ftp server, like Socket
s = new Socket("127.0.0.1", 1234); the ftp-server doesnt receive an
ident response, but if I from a prompt do a telnet 127.0.0.1 1234 the
ftp-server does get an ident response.

Can anyone point me to any info which can explain to me why that is
and how I can get the ident response to work when connection from
java also ?

RFC1413 - Identification Protocol: "This is a connection based
application on TCP."

<http://www.faqs.org/rfcs/rfc1413.html>

 

[steen]

RFC1413 - Identification Protocol: "This is a connection based
application on TCP."

<http://www.faqs.org/rfcs/rfc1413.html>

Yes thats the ident protocol, but what puzzles me is that when I do a
TCP connection
from java, apparently it doesnt register (or whatever telnet does to
enable ident response)
with the ident service. If there a property I need to set or
something ?

To be completely explicit, what I'm doing in my program is to make a
connection using the
apache commons FTPSClient, and I need the ftp server to get an ident
response because otherwise
it will refuse my connection.

/Steen

 

[Tom Anderson]

Yes thats the ident protocol, but what puzzles me is that when I do a
TCP connection from java, apparently it doesnt register (or whatever
telnet does to enable ident response) with the ident service. If there a
property I need to set or something ?

Shouldn't be. The ident daemon should take care of it all. Are you making
the java and telnet connections from the same machine? Is it possible
there isn't an ident daemon running on the machine where the java program
is running?

To be completely explicit, what I'm doing in my program is to make a
connection using the apache commons FTPSClient, and I need the ftp
server to get an ident response because otherwise it will refuse my
connection.

This is slightly shocking, given that ident offers about as much security
as crypt.

tom

 

[John B. Matthews]

Yes thats the ident protocol, but what puzzles me is that when I do a
TCP connection from java, apparently it doesnt register (or whatever
telnet does to enable ident response) with the ident service. If
there a property I need to set or something ?

Not one of which I'm aware.

To be completely explicit, what I'm doing in my program is to make a
connection using the apache commons FTPSClient, and I need the ftp
server to get an ident response because otherwise it will refuse my
connection.

I assume you are using java.net.ServerSocket to implement the server.
IIUC, such a server would have to implement RFC1413 explicitly. I don't
know of an existing Java implementation.

 

[steen]

Shouldn't be. The ident daemon should take care of it all. Are you making
the java and telnet connections from the same machine? Is it possible
there isn't an ident daemon running on the machine where the java program
is running?

Well the tests (the java and the telnet) are run from the same
machine, so
the ident daemon is running. It just wont give a response when the
connection
is made from java.

This is slightly shocking, given that ident offers about as much security
as crypt.

I know, but unfortunately I have to connect to a legacy system, where
replacing
that is out-of-scope for my current task.

/Steen

 

[steen]

Not one of which I'm aware.

Hm, not the answer I was hoping for..

I assume you are using java.net.ServerSocket to implement the server.
IIUC, such a server would have to implement RFC1413 explicitly. I don't
know of an existing Java implementation.

Well the server part is an old legacy system, but I would expect that
the server
implements RFC1413 since it gets an ident response when I connect
using
telnet.

/Steen

 

[John B. Matthews]

Hm, not the answer I was hoping for..


Well the server part is an old legacy system, but I would expect that
the server implements RFC1413 since it gets an ident response when I
connect using telnet.

Is your Java client sending the correct query request to the server, as
specified in section 4 of the RFC?

4. QUERY/RESPONSE FORMAT

<http://www.faqs.org/rfcs/rfc1413.html>

 

[steen]

Is your Java client sending the correct query request to the server, as
specified in section 4 of the RFC?

4. QUERY/RESPONSE FORMAT

<http://www.faqs.org/rfcs/rfc1413.html>

Well, I've tried to run a tcpdump on the test machine to see what goes
on,
and I can see that the ftp server does ask the ident-daemon for an
ident,
but when I connect to the server from java, the response is NO-USER.

You can see the relevant tcpdump output here: http://pastebin.com/McJFb4nD

The first 2 entries are when I connect to the ftp-server using telnet
and
the resonse is as expected.

The last 2 entries are when I connect from java, and the response is
NO-USER.

Any thoughts ?

/Steen

 

[Tom Anderson]

Well, I've tried to run a tcpdump on the test machine to see what goes
on, and I can see that the ftp server does ask the ident-daemon for an
ident, but when I connect to the server from java, the response is
NO-USER.

You can see the relevant tcpdump output here: http://pastebin.com/McJFb4nD

The first 2 entries are when I connect to the ftp-server using telnet
and the resonse is as expected.

The last 2 entries are when I connect from java, and the response is
NO-USER.

Any thoughts ?

1. Try a unix and/or networking group as well as this one; i doubt this is
a java problem per se.

2. What user are you running the java program as? root?

3. Does anyone have a .noident file in their home directory?

4. What does

netstat --inet -lp | grep $JAVA_PROGRAM_PID

say while the connection is open? Anything weird?

5. Has the java program sent anything over the socket at this point? Is it
definitely still open? I wonder if identd can't work out the owner of a
socket if it either hasn't been properly initialised yet (and there's some
kind of lazy initialisation going on under the hood) or it's already been
shut down.

6. If you're on linux, try running identd under strace and looking for
calls to sysctl - assuming you have a recent version of identd, that's how
it retrieves information about connections. If you're not, then there
should be some other combination of tracer and system call that does the
equivalent. There may be something in the output from that that indicates
why it doesn't spill the beans on the java program's connection.

tom

--
For the first few years I ate lunch with he mathematicians. I soon found
that they were more interested in fun and games than in serious work,
so I shifted to eating with the physics table. There I stayed for a
number of years until the Nobel Prize, promotions, and offers from
other companies, removed most of the interesting people. So I shifted
to the corresponding chemistry table where I had a friend. At first I
asked what were the important problems in chemistry, then what important
problems they were working on, or problems that might lead to important
results. One day I asked, "if what they were working on was not important,
and was not likely to lead to important things, they why were they working
on them?" After that I had to eat with the engineers! -- R. W. Hamming