1OIDENTD(8)                    oidentd User Manual                   OIDENTD(8)
2
3
4

NAME

6       oidentd - flexible, RFC 1413 compliant ident daemon with NAT support
7

SYNOPSIS

9       oidentd [OPTIONS]
10

DESCRIPTION

12       oidentd implements the Identification Protocol as described in RFC
13       1413. By default, oidentd replies with the username of the owner of
14       connections. This behavior can be altered in oidentd.conf(5) and by
15       using the options specified in this document.
16

OPTIONS

18       -a, --address=ADDRESS
19           Bind to the specified address. This option causes oidentd to listen
20           for incoming connections only on the specified address or addresses
21           instead of on all interfaces. This option may be specified more
22           than once to configure multiple addresses.
23
24       -c, --charset=CHARSET
25           Inform clients that ident replies use the specified character set
26           as defined in RFC 1340 or its successors. The default is not to
27           send a character set to clients.
28
29       -C, --config=FILE
30           Use the specified system-wide configuration file. If this option is
31           not given, oidentd defaults to /etc/oidentd.conf. The format of the
32           system-wide configuration file is described in oidentd.conf(5).
33
34       -d, --debug
35           Show debug messages, including detailed lookup information that may
36           be useful for diagnosing issues with failed lookups. This option is
37           only available if oidentd was compiled with debugging support.
38
39       -e, --error
40           Hide error messages, returning UNKNOWN-ERROR for all errors. This
41           includes the NO-USER, HIDDEN-USER and INVALID-PORT errors. This
42           option may be used to conceal the fact that oidentd is hiding ident
43           responses for a user.
44
45       -f, --forward=[PORT]
46           Forward requests for hosts masquerading through the server oidentd
47           is running on to the host that established the corresponding
48           connection. The target host must be running oidentd with the
49           --proxy option, or some ident server returning static responses
50           regardless of the query. If no port is specified, the default ident
51           port (113) is used. If forwarding fails, oidentd falls back to the
52           response specified in oidentd_masq.conf(5). This option implies
53           --masquerade. The --masquerade-first option can be used to forward
54           queries only if no response was specified in oidentd_masq.conf(5).
55
56       -g, --group=GROUP|GID
57           Run as the specified group or GID. If this option is not given,
58           oidentd falls back to running as "oidentd", "nobody", "nogroup" or
59           GID 65534, in this order. On systems that require oidentd to run as
60           the superuser, a warning is shown and the group is not changed
61           automatically.
62
63       -h, --help
64           Print a summary of options and exit.
65
66       -i, --foreground
67           Do not fork to background. This option may be useful for debugging,
68           or for running oidentd from a service manager like systemd(1) with
69           Type=simple.
70
71       -I, --stdio
72           Read a single ident query from standard input, write the response
73           to standard output, then exit. This option may be useful for
74           debugging, or when running oidentd from a listener daemon such as
75           xinetd(8).
76
77       -l, --limit=MAX
78           Limit the maximum number of concurrent connections to the specified
79           value. Further connections beyond this limit will be closed
80           immediately without spawning a new process. If this option is not
81           specified, no limit is enforced.
82
83       -m, --masquerade
84           Enable support for NAT connections, allowing Ident lookups intended
85           for hosts masquerading through the server running oidentd. Ident
86           responses for NAT connections can be configured in the
87           oidentd_masq.conf(5) configuration file.
88
89       -M, --masquerade-first
90           If an entry matching the target host exists in the
91           oidentd_masq.conf(5) configuration file, return the configured
92           Ident response instead of forwarding the query. With this option,
93           queries are forwarded only if no static response has been
94           configured. If this option is not specified, the default behavior
95           of --forward is to forward queries before checking the
96           oidentd_masq.conf(5) file. This option implies --forward and
97           --masquerade.
98
99       -o, --other=[OS]
100           Set an alternative operating system string to send alongside ident
101           responses. Note that some clients may interpret queries as having
102           failed when an unknown operating system is returned. If this option
103           is not specified, the value UNIX is used. If this option is
104           specified without an argument, OTHER is returned.
105
106       -p, --port=PORT
107           Listen on the specified port instead of port 113.
108
109       -P, --proxy=ORIGIN
110           Allow the specified host to forward queries to this instance using
111           the --forward option. If --reply is not specified, this option must
112           be enabled for oidentd to correctly handle forwarded connections.
113
114       -q, --quiet
115           Suppress normal logging, showing only critical messages.
116
117       -r, --reply=REPLY
118           When a lookup fails, send the specified ident response as if it had
119           succeeded.
120
121       -S, --nosyslog
122           Log messages to the standard error stream, even if it is not a
123           terminal. If standard error is a terminal, messages are written to
124           it by default.
125
126       -t, --timeout=SECONDS
127           Close connections if no ident query is received within the
128           specified number of seconds. By default, connections are closed
129           after 30 seconds.
130
131       -u, --user=USER|UID
132           Run as the specified user or UID. If this option is not given,
133           oidentd falls back to running as "oidentd", "nobody" or UID 65534,
134           in this order. On systems that require oidentd to run as the
135           superuser, a warning is shown and the user is not changed
136           automatically.
137
138       -U, --udb
139           Look up connection owners using libudb. Lookup results that do not
140           match any local user are returned verbatim. If a UDB lookup fails,
141           the operating system is queried directly. This option also applies
142           to NAT connections if the --masquerade option is specified.
143
144       -v, --version
145           Print version and build information and exit.
146

FILES

148       /etc/oidentd.conf
149           System-wide configuration file; see oidentd.conf(5).
150
151       ~/.config/oidentd.conf, ~/.oidentd.conf
152           User configuration files; see oidentd.conf(5).
153
154       /etc/oidentd_masq.conf
155           Masquerading configuration file; see oidentd_masq.conf(5).
156

AUTHOR

158       Janik Rabe <oidentd@janikrabe.com>
159           <https://oidentd.janikrabe.com>
160
161       Originally written by Ryan McCabe.
162

BUGS

164       Please report any bugs to Janik Rabe <oidentd@janikrabe.com>.
165

SEE ALSO

167       oidentd.conf(5) oidentd_masq.conf(5)
168
169
170
171oidentd 2.4.0                                                       OIDENTD(8)
Impressum