We dumped the default sun finger in favour of sfingerd which in our case is setup to disallow chained fingers and finger @host (it returns a "how to contact us" message) It is also useful in case of finger user@host as it only returns verification that the user exists, with no indication of being online or shell type. Additionally by user request we can remove them from even this level of verification or change their finger "real name" without adjusting /etc/passwd. The main reason for change was our country's privacy laws, but the security enhancements are a big plus. AB