oidentd - TCP/IP Ident protocol server
oidentd [options]
[ -dehiImoqSv ]
[ -a <host> ]
[ -c <charset> ]
[ -C <config file> ]
[ -f <port> ]
[ -p <port> ]
[ -P <host> ]
[ -o or --other=[<OS string>] ]
[ -t or --timeout=<seconds> ]
[ -g or --group=<group|GID> ]
[ -l or --limit=<number> ]
[ -r or --reply=<string> ]
[ -u or --user=<username|UID> ]
oidentd is a server that implements the Identification
Protocol as specified in RFC 1413.
oidentd operates by looking up specific TCP connections and
returning the user name of the process owning the connection.
- -a or --address=<address|hostname>
- Listen for connections on the specified address. If this option is
specified multiple times, oidentd will listen on all specified IP
addresses. The default is to listen for connections on all configured IP
addresses.
- -c or --charset=<charset>
- Use the specified alternate charset.
- -C or --config=<config file>
- Use the specified file as the configuration file. The default location of
the configuration file is /etc/oidentd.conf.
- -d or --debug
- Enable debugging. This causes debugging messages to be printed via syslog.
This option can be useful when trying to track down the cause of failed
lookups. Note that this option is only available if oidentd has
been compiled with the --enable-debug flag.
- -e or --error
- Return "UNKNOWN-ERROR" for all errors, so as not to divulge any
unnecessary information to remote clients.
- -f or --forward=[<port>]
- When IP masquerading support is enabled, forward requests for machines
that masquerade through us to those machines on the specified port. If a
port is not given, oidentd will use the default port for the ident
service ("auth" or port 113). If the forwarded request fails,
oidentd will fall back to reading the /etc/oidentd_masq.conf
file. In order for forwarding to work, the machine to which the connection
is forwarded must also be running oidentd, and oidentd must
be run with the -P switch specifying the host that is forwarding
the connections. If the ident daemon on the host to which the connection
is forwarded is capable of returning a fixed string for any lookup (for
example, the ident server built into the mIRC Windows IRC client), it is
not necessary to run oidentd on that host. This option implies
--masquerade.
- -g or --group=<group|GID>
- Run as the specified group or GID. If this option is not given,
oidentd falls back to running as oidentd, nobody,
nogroup, or GID 65534, in this order. On systems where
oidentd requires superuser privileges, a warning is displayed and
the group is not changed implicitly.
- -i or --foreground
- Run interactively, not as a daemon. This is useful for debugging, or when
running from a service manager such as daemontools.
- -I or --stdio
- Service only a single client request, then exit. The client is expected to
already be connected via stdin and stdout. This mode is useful when
running from listener utilities such as inetd(8), xinetd(8)
or tcpserver(8). This option also implies -i (run in foreground).
- -l or --limit=<number>
- Allow, at most, the specified number of open connections at once.
- -m or --masquerade
- Enable support for ident queries for masqueraded/NAT connections. See
oidentd_masq.conf(5) for details on configuring support for
masqueraded/NAT connections.
- -M or --masquerade-first
- Check the IP masquerading file before forwarding.
- -o or --other=[<string>]
- The string specified will be returned as the OS string by default for all
successful ident lookups. If no argument is given, "OTHER" will
be returned instead of the name of the operating system. The client side
(with ident in general, not just with oidentd) may interpret some
requests as having failed when some other string is returned instead of
the name of the actual operating system.
- -p or --port=<port>
- Listen on the specified port.
- -P or --proxy=<host>
- The specified host acts as a proxy, forwarding connections to us. This
option must be enabled when connections on the machine on which
oidentd is running are masqueraded through another host and the
host through which the connections are masqueraded forwards requests to
us.
- -q or --quiet
- Quiet mode; do not log any status messages to syslog.
- -S or --nosyslog
- Log any status messages to stderr, not syslog. This is useful for
debugging or integration with external loggers such as multilog(8).
- -t or --timeout=<seconds>
- Sets the number of seconds to wait for input from a client before closing
the connection.
- -u or --user=<user|UID>
- Run as the specified user or UID. If this option is not given,
oidentd falls back to running as oidentd, nobody, or
UID 65534, in this order. On systems where oidentd requires
superuser privileges, a warning is displayed and the user is not changed
implicitly.
- -U or --udb
- Perform lookups in the UDB shared memory tables, both for connections
originating on the local host and for masqueraded connections. When a
match is found, it will be used instead of the values supplied by the
operating system, for either masqueraded entries (with the -m flag)
or normal TCP connections. Entries in the table which don't match any
local user will be returned verbatim. This allows oidentd to
cooperate with other programs (e.g. RADIUS servers or proxies) to give
valid replies for dynamic connections.
- -r or --reply=<string>
- Upon a failed lookup, the specified string will be returned to the client
as if the lookup had succeeded.
- -v or --version
- Display version information and exit.
- -h or --help
- Display options and exit.
- /etc/oidentd.conf
- The system-wide configuration file.
- /etc/oidentd_masq.conf
- The NAT/IP masquerading mappings.
- $HOME/.oidentd.conf
- Per-user configuration file.
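The -e, -o and -c options described above each change one field of the RFC 1413 reply line that a remote client receives. The following Python parser is an added example, not part of oidentd or of this manual; it reads such reply lines and flags error replies that reveal more than -e would allow. The sample lines and the names parse_reply, IdentReply and discloses_lookup_state are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Error tokens defined by RFC 1413; any other token must begin with "X".
RFC_ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
PORT_PAIR = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")

@dataclass
class IdentReply:
    server_port: int
    client_port: int
    kind: str                       # "USERID" or "ERROR"
    opsys: Optional[str] = None
    charset: Optional[str] = None
    userid: Optional[str] = None
    error: Optional[str] = None

def parse_reply(line: str) -> IdentReply:
    """Parse one RFC 1413 reply line; raise ValueError if it is malformed."""
    # The user-id is the last field and may contain ':', so split at most 3 times.
    fields = line.rstrip("\r\n").split(":", 3)
    m = PORT_PAIR.match(fields[0])
    ports = [int(p) for p in m.groups()] if m else []
    if len(fields) < 3 or not ports or not all(1 <= p <= 65535 for p in ports):
        raise ValueError("bad port pair or too few fields")
    kind = fields[1].strip()
    if kind == "ERROR" and len(fields) == 3:
        err = fields[2].strip()
        if err not in RFC_ERRORS and not err.startswith("X"):
            raise ValueError("unknown error token")
        return IdentReply(*ports, kind, error=err)
    if kind == "USERID" and len(fields) == 4:
        opsys, _, charset = (s.strip() for s in fields[2].partition(","))
        return IdentReply(*ports, kind, opsys, charset or None, fields[3].strip())
    raise ValueError("malformed reply")

def discloses_lookup_state(reply: IdentReply) -> bool:
    """True if an error reply says more than UNKNOWN-ERROR (what -e suppresses)."""
    return reply.kind == "ERROR" and reply.error != "UNKNOWN-ERROR"

# Constructed sample replies (not captured from a real server).
SAMPLES = {
    "default":   "51234 , 6667 : USERID : UNIX : alice\r\n",
    "--other":   "51234 , 6667 : USERID : OTHER : alice\r\n",
    "--charset": "51234 , 6667 : USERID : UNIX , UTF-8 : alice\r\n",
    "no-user":   "51234 , 6667 : ERROR : NO-USER\r\n",
    "--error":   "51234 , 6667 : ERROR : UNKNOWN-ERROR\r\n",
}
```

A reply produced by -r parses as an ordinary USERID reply, so a client cannot distinguish it from a successful lookup.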
Janik Rabe <oidentd@janikrabe.com>
https://oidentd.janikrabe.com
Originally written by Ryan McCabe <ryan@numb.org>.
Please report any bugs to Janik Rabe <oidentd@janikrabe.com>.