The CFINGERD FAQ version 0.4.1
by Ken Hollis

   This FAQ is provided to give information about the cfingerd daemon 
   program, and to answer some frequently answered questions.  These are 
   some of the questions I get asked frequently, and some of the 
   questions I figured I should clear up.

   CFINGERD is a free finger daemon replacement for standard finger
   daemons such as GNU Finger, MIT Finger, or KFINGERD.  CFINGERD is highly 
   becoming a respected standard as the finger daemon to use.  If you are
   unsure about which finger daemon to get, please read over this 
   document before re-enabling your finger daemon!

--

WHAT WILL CFINGERD PROVIDE OVER NORMAL FINGER?

   CFINGERD is a program that provides a nicely formatted user information
   display.  CFINGERD was programmed with the idea that SECURITY was the
   top issue in any finger program.  Many sites will receive a root finger
   before they are attacked.  With this finger program, you can now turn
   off the ability to have root fingered by adding a ".nofinger" file, or
   a file that doesn't allow for fingering of that user (or anonymity.)

   Aside from being security conscious, CFINGERD also offers a great deal
   of other features that normal finger just couldn't provide.  Among
   these are the ability emulate users with scripts, log any finger
   requests either by user or globally, offer custom finger services,
   display header and footer advertisements, and a nicely formatted
   user display to name a few.

   Of course, you could get GNU's CFINGERD, which is ten times larger,
   harder to configure, and requires more work to do what you could do with
   CFINGERD in just five minutes.  Read over this FAQ.  After you're done,
   read the "README" file, and follow the directions.


WHERE CAN I GET CFINGERD?

   CFINGERD's main archive is available on ftp.bitgate.com, which can be
   downloaded from the /pub/cfingerd directory.  You will want to check this
   directory on a periodic basis if any announcements are given regarding
   program updates.  Non-official updates (or BETA versions) are also
   available on this site.  You may want to check the site once a week or so
   to check on new updates.  Usually, the betas are in testing, and will
   not be given tech support, so be warned.

   The alternative is to get CFINGERD from sunsite.unc.edu in the directory
   /pub/Linux/system/Network/finger.  This is the main upload site for any
   updates after they become official.


HOW DO I INSTALL CFINGERD ONCE I GET IT?

   The answer is simple.  Simply type "Configure" and answer the questions
   the configuration script prompts you for.  Once that's done, simply
   edit the necessary files, or type "make all" and you will be on your way
   to a complete install of cfingerd.  You will also need to add a line to
   inetd.conf (or at least change one.)  Those instructions are in the
   included "README" file with the standard distribution.


WHAT OPERATING SYSTEMS ARE COMPATIBLE WITH CFINGERD?

   Currently, only Linux and BSD are supported.  If you have an operating
   system other than those mentioned, and know enough about C to provide a
   patch, my E-Mail door is always open.  :)


IS THERE A MAILING LIST FOR UPDATES?

   Not any longer.  The mailing list was cancelled because too many projects
   are in the works, and I don't have enough time to keep up with all of the
   many projects that are being developed.  If you have a question about the
   program, or just have a suggestion, just write khollis@bitgate.com some
   E-Mail.  Flames will be politely ignored.


I HAVE A PATCH - HOW DO I SUBMIT THE PATCH FOR APPROVAL?

   Most E-Mail I receive for patches are added without even blinking an eye.
   If you have a patch, please just E-Mail the source to me, and I'll add it.


WHAT ABOUT A WEB PAGE?

   CFINGERD does have a web page, and its URL is:

   http://www.bitgate.com/~khollis/cfingerd.html

--

Commonly asked questions:

Q. Do you need to have cfingerd run with tcpd?

A. No.  RFC1413 (Host identification) has been put into cfingerd as an
   accepted standard.  RFC1413 not only provides security for your system,
   but it also identifies who's accessing your system at a given time.
   Since rfc1413 support is internal, there's no reason to run the tcpd
   wrapper around the program.


Q. When someone fingers my machine, it loops around and keeps spawning finger
   processes on my machine!  Help!

A. The reason this is happening is most likely because you have a finger
   forward that forwards to another system which is pointing back to your
   own originating system.  This will cause an endless loop.  CFINGERD
   will fix this in a later revision (hopefully.)

   Another cause could be that you've got multiple finger list sites that
   are pointing to each other.  For instance, you set up one finger site
   on one system, and another on one other computer.  On computer "A", it
   points to "foo.com", and "foo.com" points to "bleah.com".  Well, since
   computer "A" is bleah.com, it will keep looping and looping, and looping.
   The way to stop this is to set system_list_sites to one entry, and make
   that entry "localhost".

   There are many solutions to this problem.  The best one that comes to
   mind may be the fact that you have ALLOW_FINGER_FORWARDING turned on,
   and no entries in the finger_forward listing of hosts.  Having an
   entry of localhost alone in this section will make the processes spawn
   over-and-over again.


Q. When a site fingers my system, I get a syslog entry that says
   "unknown@alarm.signal".

A. This simply means that the site that fingered your system failed to 
   respond to an RFC1413 client query, and thusly timed out, returning
   a standard unknown response.


Q. When someone fingers my system, I get "illegal character in username".

A. Your finger program may be sending a "-L" or a "/W" command when fingering
   the system.  cfingerd does not support the long formatted display of
   normal GNU finger.  This is not an RFC standard, anyway.  The way to
   remedy this is to either remove the alias to "finger -l" or to get a new
   finger program altogether.


Q. My header files aren't being displayed properly.  cfingerd's not
   intercepting the commands.

A. Try adding the line "+ALLOW_LINE_PARSING" to your internal_config
   section.  That usually helps.


Q. The no-name banner isn't showing, and I have it set to true!

A. Make sure system_list is set to FALSE for remote systems.  If it's not,
   the SYSTEM_LIST variable (if set to true) will override the
   NO_NAME_BANNER option.


Q. I have a big site, and I'm trying to list users that are on that site!
   It's not working, and I'm sure I've set it up correctly!

A. Make sure that "+ALLOW_USERLIST_ONLY" is set in the internal_config
   section.  Also, make sure that "localhost" is the last entry in the
   system_list_sites configuration section.  If it's placed anywhere else
   in that section, it will stop at that entry.  "localhost" is considered
   to be the ending entry.

--

Ken Hollis <khollis@bitgate.com>
Bitgate Software
