Site Tools


ircuser

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

ircuser [2006/09/28 23:18] (current)
Line 1: Line 1:
 +# $EPIC: ircuser.txt,​v 1.3 2006/09/19 10:52:37 sthalik Exp $
 +======Synopsis:​======
 +__ircuser__ <​username>​
 +
 +======About usernames, registration,​ and identd:​======
 +Whenever you connect to an irc server, the client sends some information
 +about you to the server (``registration''​). ​ One of the pieces of infor-
 +mation it sends is your "​username"​. ​ This is supposed to be the name of
 +the account you are logged into.  The server treats this username as
 +nothing more than a fallback value; a hint.  The server does not trust
 +the client to send trustworthy data (and why should it?  The user has
 +control over the client. ;-)
 +
 +By default, the server always queries your username by asking the ident
 +(auth) service that is running on your machine (using RFC 1413). ​ If your
 +host is running identd, then the value returned by identd will be used as
 +your username and the "​hint"​ provided at registration time is ignored.
 +If your host is not running identd, then the value provided at registration
 +time is used, but is prepended with a ~ (tilde) to warn other irc users 
 +that the username was not authenticated.
 +
 +It is a good idea to be running an identd, and many servers on large public
 +networks absolutely require that you be running identd before they will 
 +accept your registration. ​ This is for your protection, rather than being
 +an annoyance...
 +
 +In the modern irc world, most of the irc users are running windows, where
 +this is no concept of a username, and hence the username you see for them
 +is ultimately provided by the client. ​ Most reputable windows clients
 +provide their own identd server which just returns the same username that
 +the client provided at registration time.  Therefore, the username that 
 +you get for a user is not really of much value at all, even if it is 
 +"​authenticated"​.
 +
 +One of the features of the identd service is that if you ask it for the
 +username of a connection that does not exist, it will return an error 
 +code.  A popular irc attack is to forge many irc connections (and 
 +registration attempts) from a victim'​s ip address so many times as to 
 +annoy an operator enough into falsely K-lining the victim for running
 +clonebots.
 +
 +Every time a connection is made to an irc server, the server asks the
 +identd service on the connecting host what the username is for the new
 +connection. ​ If the connection is fraudulent (forged), identd will return
 +an error, and the server will consider the connection non-authenticated.
 +
 +Thus, if a server forbids all non-authenticated users, then by rule all
 +connections on the server have been positively confirmed by an identd ​
 +service running on the connecting host to be valid and truthful. ​ It is
 +therefore possible to hold responsible people who do rude things to others
 +since it is not possible to forge connections with others'​ addresses.
 +
 +There are three lessons here:
 +   1) DO run an identd service, even if it is one that lets you control
 +      what it returns as your username. ​ The server isn't interested in 
 +      what your username is, only that the connection actually came from
 +      you.  Running an identd service is your first line of defense from 
 +      others who would try to get you in trouble.
 +   2) DON'T run an identd service that returns a dummy username for all
 +      requests valid or invalid. ​ That will make it look like you really ​
 +      *are* running clonebots and will get you in trouble.
 +   3) DON'T run an identd service that returns an error for all requests
 +      valid or invalid. ​ That makes it look like your (valid) connections
 +      are actually forgeries and many large public servers don't want any
 +      forged connections.
 +
 +Do your part.  Run identd for the good of IRC.
 +
 +======Description:​======
 +You can use this command to change the default "​hint"​ that is sent by
 +EPIC to the server every time you establish a new server connection.
 +This "​hint"​ is overridden by whatever your identd server returns, and
 +you **are** running an identd server, right? ;-)  Because the "​hint"​ is
 +generally discarded, being able to set the "​hint"​ is a moot point.
 +
 +You must, of course, [[reconnect command|reconnect]] after you use
 +__ircuser__ before your new username will be seen to other users (if at
 +all).
  
ircuser.txt ยท Last modified: 2006/09/28 23:18 (external edit)