README
1PFinger - an internet user information suite
2
3Contents
4
5 1. Introduction
6 2. Installation
7 3. Compatibility with GNU Finger
8 4. Using the Client
9 5. What PFinger does not (but standard finger does)
10
111. Introduction
12
13This packages contains a finger deamon, a graphical pfinger client
14and site finger deamon.
15It also contains a standard finger client.
16
17PIPserver is an implementation of a server of the Personal Information
18Protocol (PIP). You may guess what PIPclient is.
19
20Consider the client to be a sample implementation. It is not needed to
21run (or compile) the server. It is probably not that featureful as you
22would like, but it is handy to have it around as long you have no
23other client.
24
25Read more about PIP in the doc/ subdirectory.
26
272. Installation
28
29Basically you do:
30
31./configure
32make
33make install
34
35Modify /etc/inetd.conf to contain the following line:
36
37finger stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/in.fingerd
38
39(this may vary on your platform)
40
41See also the file INSTALL in this directory
42
433. Compatibility with GNU Finger
44
45PIPserver has GNU Finger compatibility mode which allows you to run
46GNU Finger on your site while using the featuers of the PIPserver:
47
48You may simply replace the GNU Finger in.fingerd (which only handles
49requests from "normal" finger clients) with the PIPserver
50in.fingerd. This does not harm the site reporting capabilities of GNU
51Finger since it uses a seperate in.cfingerd for its functions.
52
53Note: you have to start the PIPserver in.fingerd with the "-g"
54option.
55
564. Using the Client
57
58Information about using the client may be found in the man page, pfinger(1).
59
605. What PFinger does not (but standard finger does)
61
62- Indirect lookups (finger user@hostB@hostA) are not handled
63 This not a bug, it's a feature :-)
64 Seriously: Many people consider indirect fingers a security risk.
65
66- Does not give away unnecessary information, that would only be
67 helpful to an intruder:
68
69 Does not give away:
70 - home directory : uninteresting
71 - user's shell : uninteresting
72 - last login time : interesting, but dangerous (an intruder could
73 find seldom used logins to break in).
74
75- Users with an user id of less than 100 (defined in in.fingerd.c but
76 configurable in /etc/fingerconf) and users with a file ~/.nofinger
77 are hidden from fingering:
78
79 - No printing of user information (finger user@host)
80 - No printing of online information (finger @host)
81 (These accounts are like non-existant to finger)
82
83 Note: The second point does not work in GNU Finger compatibility mode
84 (but it does work for the user with user name 'root')
85