1oidentd(8)                  System Manager's Manual                 oidentd(8)
2
3
4

NAME

6       oidentd - TCP/IP Ident protocol server
7
8

SYNOPSIS

10       oidentd [options]
11
12       [ -dehiImoqSv ]
13       [ -a <host> ]
14       [ -c <charset> ]
15       [ -C <config file> ]
16       [ -f <port> ]
17       [ -p <port> ]
18       [ -P <host> ]
19       [ -o or --other=[<OS string>] ]
20       [ -t or --timeout=<seconds> ]
21       [ -g or --group=<group|GID> ]
22       [ -l or --limit=<number>]
23       [ -r or --reply=<string> ]
24       [ -u or --user=<username|UID> ]
25
26

DESCRIPTION

28       oidentd  is  a  server  that  implements the Identification Protocol as
29       specified in RFC 1413.
30
31       oidentd operates by looking up specific TCP connections  and  returning
32       the user name of the process owning the connection.
33
34

OPTIONS

36       -a or --address=<address|hostname>
37              Listen  for connections on the specified address. If this option
38              is specified multiple times, oidentd will listen on  all  speci‐
39              fied  IP  addresses. The default is to listen for connections on
40              all configured IP addresses.
41
42
43       -c or --charset=<charset>
44              Use the specified alternate charset.
45
46
47       -C or --config=<config file>
48              Use the specified file as the configuration  file.  The  default
49              location of the configuration file is /etc/oidentd.conf.
50
51
52       -d or --debug
53              Enable  debugging.  This causes debugging messages to be printed
54              via syslog. This option can be useful when trying to track  down
55              the  cause  of  failed  lookups.   Note that this option is only
56              available if oidentd has been compiled with  the  --enable-debug
57              flag.
58
59
60       -e or --error
61              Return  "UNKNOWN-ERROR" for all errors, so as not to divulge any
62              unnecessary information to remote clients.
63
64
65       -f or --forward=[<port>]
66              When IP masquerading support is enabled,  forward  requests  for
67              machines  that  masquerade  through  us to those machines on the
68              specified port. If a port is not given,  oidentd  will  use  the
69              default  port for the ident service ("auth" or port 113). If the
70              forwarded request fails, oidentd will fall back to  reading  the
71              /etc/oidentd_masq.conf  file.  In  order for forwarding to work,
72              the machine to which the connection is forwarded  must  also  be
73              running  oidentd,  and  oidentd  must  be run with the -P switch
74              specifying the host that is forwarding the connections.  If  the
75              ident daemon on the host to which the connection is forwarded is
76              capable of returning a fixed string for any lookup (for example,
77              the ident server built in to the mIRC windows IRC client), it is
78              not necessary to run oidentd on that host.
79
80
81       -g or --group=<group|GID>
82              Run as the specified group or GID. If this option is not  given,
83              oidentd  falls  back  to running as oidentd, nobody, nogroup, or
84              GID 65534, in this order.  On  systems  where  oidentd  requires
85              superuser  privileges,  a  warning is displayed and the group is
86              not changed implicitly.
87
88
89       -i or --foreground
90              Run interactively, not as a daemon. This is  useful  for  debug‐
91              ging,  or  when  running  from a service manager such as daemon‐
92              tools.
93
94
95       -I or --stdio
96              Service only a single client request, then exit. The  client  is
97              expected to already be connected via stdin and stdout. This mode
98              is useful when running from listener utilities such as inetd(8),
99              xinetd(8) or tcpserver(8).  This option implies -i (run in fore‐
100              ground) also.
101
102
103       -l or --limit=<number>
104              Allow, at most, the specified  number  of  open  connections  at
105              once.
106
107
108       -m or --masquerade
109              Enable  support  for  ident  queries for masqueraded/NAT connec‐
110              tions. See oidentd_masq.conf(5) for details on configuring  sup‐
111              port for masqueraded/NAT connections.
112
113
114       -M or --masquerade-first
115              Check IP masquerading file before forwarding.
116
117
118       -o or --other=[<string>]
119              The  string  specified  will  be  returned  as  the OS string by
120              default for all successful ident  lookups.  If  no  argument  is
121              given, "OTHER" will be returned instead of the name of the oper‐
122              ating system. The client side (with ident in general,  not  just
123              with  oidentd) may interpret some requests as having failed when
124              some other string is returned instead of the name of the  actual
125              operating system.
126
127
128       -p or --port=<port>
129              Listen on the specified port.
130
131
132       -P or --proxy=<host>
133              The  specified  host  acts as a proxy, forwarding connections to
134              us. This option must be enabled when connections on the  machine
135              on which oidentd is running are masqueraded through another host
136              and the host through which the connections are masqueraded  for‐
137              wards requests to us.
138
139
140       -q or --quiet
141              Quiet mode; do not log any status messages to syslog.
142
143
144       -S or --nosyslog
145              Log  any  status  messages to stderr, not syslog. This is useful
146              for debugging or integration with external loggers such as  mul‐
147              tilog(8).
148
149
150       -t or --timeout=<seconds>
151              Sets  the  number  of  seconds  to  wait for input from a client
152              before closing the connection.
153
154
155       -u or --user=<user|UID>
156              Run as the specified user or UID. If this option is  not  given,
157              oidentd  falls back to running as oidentd, nobody, or UID 65534,
158              in this order. On systems where oidentd requires superuser priv‐
159              ileges,  a  warning  is  displayed  and  the user is not changed
160              implicitly.
161
162
163       -U or --udb
164              Perform lookups in the UDB shared memory tables, both  for  con‐
165              nections  originating on the local host and for masqueraded con‐
166              nections. When a match is found, it will be used instead of  the
167              values  supplied by the operating system, for either masqueraded
168              entries (with the -m flag) or normal TCP connections. Entries in
169              the table which don't match any local user will be returned ver‐
170              batim. This allows oidentd  to  cooperate  with  other  programs
171              (e.g.  RADIUS  servers  or  proxies)  to  give valid replies for
172              dynamic connections.
173
174
175       -r or --reply=<string>
176              Upon a failed lookup, the specified string will be  returned  to
177              the client as if the lookup had succeeded.
178
179
180       -v or --version
181              Display version information and exit.
182
183
184       -h or --help
185              Display options and exit.
186
187

FILES

189       /etc/oidentd.conf
190              The system-wide configuration file.
191
192
193       /etc/oidentd_masq.conf
194              The NAT/IP masquerading mappings.
195
196
197       $HOME/.oidentd.conf
198              Per-user configuration file.
199
200

AUTHOR

202       Janik Rabe <oidentd@janikrabe.com>
203       https://oidentd.janikrabe.com
204
205       Originally written by Ryan McCabe <ryan@numb.org>.
206
207

REPORTING BUGS

209       Please report any bugs to Janik Rabe <oidentd@janikrabe.com>.
210
211

SEE ALSO

213       oidentd.conf(5) oidentd_masq.conf(5)
214
215
216
217version 2.3.1                     2018-06-13                        oidentd(8)
Impressum