oidentd(8)                  System Manager's Manual                 oidentd(8)

NAME
       oidentd - TCP/IP Ident protocol server

SYNOPSIS
       oidentd [options]

       [ -dehiImoqSv ]
       [ -a <host> ]
       [ -c <charset> ]
       [ -C <config file> ]
       [ -f <port> ]
       [ -p <port> ]
       [ -P <host> ]
       [ -o or --other=[<OS string>] ]
       [ -t or --timeout=<seconds> ]
       [ -g or --group=<group|GID> ]
       [ -l or --limit=<number> ]
       [ -r or --reply=<string> ]
       [ -u or --user=<username|UID> ]

DESCRIPTION
       oidentd is a server that implements the Identification Protocol as
       specified in RFC 1413.

       oidentd operates by looking up specific TCP connections and returning
       the user name of the process owning the connection.

OPTIONS
       -a or --address=<address|hostname>
              Listen for connections on the specified address. If this option
              is specified multiple times, oidentd will listen on all
              specified IP addresses. The default is to listen for
              connections on all configured IP addresses.

       -c or --charset=<charset>
              Use the specified alternate charset.

       -C or --config=<config file>
              Use the specified file as the configuration file. The default
              location of the configuration file is /etc/oidentd.conf.

       -d or --debug
              Enable debugging. This causes debugging messages to be printed
              via syslog. This option can be useful when trying to track down
              the cause of failed lookups. Note that this option is only
              available if oidentd has been compiled with the --enable-debug
              flag.

       -e or --error
              Return "UNKNOWN-ERROR" for all errors, so as not to divulge any
              unnecessary information to remote clients.

       -f or --forward=[<port>]
              When IP masquerading support is enabled, forward requests for
              machines that masquerade through us to those machines on the
              specified port. If a port is not given, oidentd will use the
              default port for the ident service ("auth" or port 113). If the
              forwarded request fails, oidentd will fall back to reading the
              /etc/oidentd_masq.conf file. In order for forwarding to work,
              the machine to which the connection is forwarded must also be
              running oidentd, and oidentd must be run with the -P switch
              specifying the host that is forwarding the connections. If the
              ident daemon on the host to which the connection is forwarded is
              capable of returning a fixed string for any lookup (for example,
              the ident server built in to the mIRC Windows IRC client), it is
              not necessary to run oidentd on that host.

       -g or --group=<group|GID>
              Run as the specified group or GID. If this option is not given,
              oidentd falls back to running as oidentd, nobody, nogroup, or
              GID 65534, in this order. On systems where oidentd requires
              superuser privileges, a warning is displayed and the group is
              not changed implicitly.

       -i or --foreground
              Run interactively, not as a daemon. This is useful for
              debugging, or when running from a service manager such as
              daemontools.

       -I or --stdio
              Service only a single client request, then exit. The client is
              expected to already be connected via stdin and stdout. This mode
              is useful when running from listener utilities such as inetd(8),
              xinetd(8) or tcpserver(8). This option implies -i (run in
              foreground) also.

       -l or --limit=<number>
              Allow, at most, the specified number of open connections at
              once.

       -m or --masquerade
              Enable support for ident queries for masqueraded/NAT
              connections. See oidentd_masq.conf(5) for details on
              configuring support for masqueraded/NAT connections.

       -M or --masquerade-first
              Check IP masquerading file before forwarding.

       -o or --other=[<string>]
              The string specified will be returned as the OS string by
              default for all successful ident lookups. If no argument is
              given, "OTHER" will be returned instead of the name of the
              operating system. The client side (with ident in general, not
              just with oidentd) may interpret some requests as having failed
              when some other string is returned instead of the name of the
              actual operating system.

       -p or --port=<port>
              Listen on the specified port.

       -P or --proxy=<host>
              The specified host acts as a proxy, forwarding connections to
              us. This option must be enabled when connections on the machine
              on which oidentd is running are masqueraded through another host
              and the host through which the connections are masqueraded
              forwards requests to us.

       -q or --quiet
              Quiet mode; do not log any status messages to syslog.

       -S or --nosyslog
              Log any status messages to stderr, not syslog. This is useful
              for debugging or integration with external loggers such as
              multilog(8).

       -t or --timeout=<seconds>
              Sets the number of seconds to wait for input from a client
              before closing the connection.

       -u or --user=<user|UID>
              Run as the specified user or UID. If this option is not given,
              oidentd falls back to running as oidentd, nobody, or UID 65534,
              in this order. On systems where oidentd requires superuser
              privileges, a warning is displayed and the user is not changed
              implicitly.

       -U or --udb
              Perform lookups in the UDB shared memory tables, both for
              connections originating on the local host and for masqueraded
              connections. When a match is found, it will be used instead of
              the values supplied by the operating system, for either
              masqueraded entries (with the -m flag) or normal TCP
              connections. Entries in the table which don't match any local
              user will be returned verbatim. This allows oidentd to
              cooperate with other programs (e.g. RADIUS servers or proxies)
              to give valid replies for dynamic connections.

       -r or --reply=<string>
              Upon a failed lookup, the specified string will be returned to
              the client as if the lookup had succeeded.

       -v or --version
              Display version information and exit.

       -h or --help
              Display options and exit.
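
The -e and -o options change what a remote client can read out of a reply. The following is an added example, not part of the original manual page or the oidentd sources: a parser for the two RFC 1413 reply forms that reports what each reply discloses. The function names and the sample replies are constructed for illustration.

```python
import re

# RFC 1413 reply forms (whitespace between tokens is optional):
#   <port-on-server> , <port-on-client> : USERID : <opsys>[,<charset>] : <user-id>
#   <port-on-server> , <port-on-client> : ERROR : <error-type>
_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")

def parse_ident_reply(line):
    """Parse one ident reply line into a dict; raise ValueError if malformed."""
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("malformed ident reply: %r" % line)
    reply = {"server_port": int(m.group(1)), "client_port": int(m.group(2)),
             "type": m.group(3)}
    if max(reply["server_port"], reply["client_port"]) > 65535:
        raise ValueError("port out of range: %r" % line)
    rest = m.group(4)
    if reply["type"] == "ERROR":
        reply["error"] = rest.strip()
        return reply
    opsys, sep, user = rest.partition(":")  # the user-id itself may contain ':'
    if not sep or not opsys.strip():
        raise ValueError("USERID reply without opsys or user-id: %r" % line)
    name, _, charset = opsys.partition(",")
    reply.update(opsys=name.strip(), charset=charset.strip() or "US-ASCII",
                 user=user.strip())  # this example trims the user-id
    return reply

def disclosure_notes(reply):
    """List what a parsed reply tells a remote client, keyed to -e and -o."""
    notes = []
    if reply["type"] == "ERROR":
        if reply["error"] != "UNKNOWN-ERROR":
            notes.append("error type %s reveals why the lookup failed (-e unset)"
                         % reply["error"])
        return notes
    if reply["opsys"] != "OTHER":
        notes.append("OS string %r returned instead of OTHER" % reply["opsys"])
    notes.append("user-id %r returned" % reply["user"])
    return notes

# Constructed sample replies, not captured from a real server.
SAMPLES = [
    "40112 , 6667 : USERID : UNIX : alice\r\n",
    "40112 , 6667 : USERID : OTHER : alice\r\n",
    "40112 , 6667 : ERROR : NO-USER\r\n",
    "40112 , 6667 : ERROR : UNKNOWN-ERROR\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.strip(), "->", disclosure_notes(parse_ident_reply(s)))
```

A reply produced under -r is a USERID reply and cannot be told apart from a successful lookup by the client, so it is reported here like any other returned user-id.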

FILES
       /etc/oidentd.conf
              The system-wide configuration file.

       /etc/oidentd_masq.conf
              The NAT/IP masquerading mappings.

       $HOME/.oidentd.conf
              Per-user configuration file.

AUTHOR
       Janik Rabe <oidentd@janikrabe.com>
       https://oidentd.janikrabe.com

       Originally written by Ryan McCabe <ryan@numb.org>.

BUGS
       Please report any bugs to Janik Rabe <oidentd@janikrabe.com>.

SEE ALSO
       oidentd.conf(5), oidentd_masq.conf(5)

version 2.3.1                     2018-06-13                        oidentd(8)