OIDENTD(8)                    oidentd User Manual                   OIDENTD(8)

NAME
       oidentd - flexible, RFC 1413 compliant ident daemon with NAT support

SYNOPSIS
       oidentd [OPTIONS]

DESCRIPTION
       oidentd implements the Identification Protocol as described in RFC
       1413. By default, oidentd replies with the username of the owner of
       connections. This behavior can be altered in oidentd.conf(5) and by
       using the options specified in this document.

OPTIONS
       -a, --address=ADDRESS
              Bind to the specified address. This option causes oidentd to listen
              for incoming connections only on the specified address or addresses
              instead of on all interfaces. This option may be specified more
              than once to configure multiple addresses.

       -c, --charset=CHARSET
              Inform clients that ident replies use the specified character set
              as defined in RFC 1340 or its successors. The default is not to
              send a character set to clients.

       -C, --config=FILE
              Use the specified system-wide configuration file. If this option is
              not given, oidentd defaults to /etc/oidentd.conf. The format of the
              system-wide configuration file is described in oidentd.conf(5).

       -d, --debug
              Show debug messages, including detailed lookup information that may
              be useful for diagnosing issues with failed lookups. This option is
              only available if oidentd was compiled with debugging support.

       -e, --error
              Hide error messages, returning UNKNOWN-ERROR for all errors. This
              includes the NO-USER, HIDDEN-USER and INVALID-PORT errors. This
              option may be used to conceal the fact that oidentd is hiding ident
              responses for a user.

       -f, --forward=[PORT]
              Forward requests for hosts masquerading through the server oidentd
              is running on to the host that established the corresponding
              connection. The target host must be running oidentd with the
              --proxy option, or some ident server returning static responses
              regardless of the query. If no port is specified, the default ident
              port (113) is used. If forwarding fails, oidentd falls back to the
              response specified in oidentd_masq.conf(5). This option implies
              --masquerade. The --masquerade-first option can be used to forward
              queries only if no response was specified in oidentd_masq.conf(5).

       -g, --group=GROUP|GID
              Run as the specified group or GID. If this option is not given,
              oidentd falls back to running as "oidentd", "nobody", "nogroup" or
              GID 65534, in this order. On systems that require oidentd to run as
              the superuser, a warning is shown and the group is not changed
              automatically.

       -h, --help
              Print a summary of options and exit.

       -i, --foreground
              Do not fork to background. This option may be useful for debugging,
              or for running oidentd from a service manager like systemd(1) with
              Type=simple.

       -I, --stdio
              Read a single ident query from standard input, write the response
              to standard output, then exit. This option may be useful for
              debugging, or when running oidentd from a listener daemon such as
              xinetd(8).

       -l, --limit=MAX
              Limit the maximum number of concurrent connections to the specified
              value. Further connections beyond this limit will be closed
              immediately without spawning a new process. If this option is not
              specified, no limit is enforced.

       -m, --masquerade
              Enable support for NAT connections, allowing Ident lookups intended
              for hosts masquerading through the server running oidentd. Ident
              responses for NAT connections can be configured in the
              oidentd_masq.conf(5) configuration file.

       -M, --masquerade-first
              If an entry matching the target host exists in the
              oidentd_masq.conf(5) configuration file, return the configured
              Ident response instead of forwarding the query. With this option,
              queries are forwarded only if no static response has been
              configured. If this option is not specified, the default behavior
              of --forward is to forward queries before checking the
              oidentd_masq.conf(5) file. This option implies --forward and
              --masquerade.

       -o, --other=[OS]
              Set an alternative operating system string to send alongside ident
              responses. Note that some clients may interpret queries as having
              failed when an unknown operating system is returned. If this option
              is not specified, the value UNIX is used. If this option is
              specified without an argument, OTHER is returned.

       -p, --port=PORT
              Listen on the specified port instead of port 113.

       -P, --proxy=ORIGIN
              Allow the specified host to forward queries to this instance using
              the --forward option. If --reply is not specified, this option must
              be enabled for oidentd to correctly handle forwarded connections.

       -q, --quiet
              Suppress normal logging, showing only critical messages.

       -r, --reply=REPLY
              When a lookup fails, send the specified ident response as if it had
              succeeded.

       -R, --reply-all=REPLY
              Send the specified reply in response to all well-formed queries.
              When this option is used, the configuration files are not read and
              connection lookups are never performed. Privileged initialization
              is not performed on systems that would otherwise require it, so
              unprivileged users can run oidentd with this option as long as they
              have permission to bind the requested port.

       -S, --nosyslog
              Log messages to the standard error stream, even if it is not a
              terminal. If standard error is a terminal, messages are written to
              it by default.

       -t, --timeout=SECONDS
              Close connections if no ident query is received within the
              specified number of seconds. By default, connections are closed
              after 30 seconds.

       -u, --user=USER|UID
              Run as the specified user or UID. If this option is not given,
              oidentd falls back to running as "oidentd", "nobody" or UID 65534,
              in this order. On systems that require oidentd to run as the
              superuser, a warning is shown and the user is not changed
              automatically.

       -U, --udb
              Look up connection owners using libudb. Lookup results that do not
              match any local user are returned verbatim. If a UDB lookup fails,
              the operating system is queried directly. This option also applies
              to NAT connections if the --masquerade option is specified.

       -v, --version
              Print version and build information and exit.
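
       How the --charset, --other, --error, --reply and --reply-all options
       look from the client side, as an added example that is not part of
       oidentd or of the original manual: a parser for RFC 1413 reply lines
       that treats the user-id as untrusted text. The function names, the
       sample replies and their exact spacing are assumptions made for
       illustration.

```python
import re

# Error tokens named in oidentd(8); RFC 1413 also permits site-specific "X..." tokens.
KNOWN_ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
MAX_USERID = 512  # RFC 1413 limit on the user-id field, in octets

def parse_ident_reply(raw: bytes) -> dict:
    """Parse one RFC 1413 reply line; raise ValueError if it is malformed."""
    line = raw.rstrip(b"\r\n").decode("latin-1")  # lossless byte-to-char mapping
    fields = line.split(":", 3)  # at most 4 fields: the user-id may contain ':'
    if len(fields) < 3:
        raise ValueError("too few fields")
    m = re.fullmatch(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*", fields[0])
    if not m:
        raise ValueError("bad port pair")
    ports = (int(m.group(1)), int(m.group(2)))
    if not all(1 <= p <= 65535 for p in ports):
        raise ValueError("port out of range")
    kind = fields[1].strip()
    if kind == "ERROR":
        error = fields[2].strip()
        if len(fields) != 3 or not (error in KNOWN_ERRORS or error.startswith("X")):
            raise ValueError("bad error token")
        return {"ports": ports, "kind": "ERROR", "error": error}
    if kind != "USERID" or len(fields) != 4:
        raise ValueError("bad reply type")
    opsys, _, charset = (s.strip() for s in fields[2].partition(","))
    # Drop separator padding; a strict RFC 1413 reader keeps it in the user-id.
    userid = fields[3].strip()
    if not opsys or len(userid) > MAX_USERID:
        raise ValueError("bad opsys or oversized user-id")
    # The user-id is remote-controlled text: escape it before it reaches a log.
    log_safe = userid.encode("unicode_escape").decode("ascii")
    return {"ports": ports, "kind": "USERID", "opsys": opsys,
            "charset": charset or None, "userid": userid, "log_safe": log_safe}

def with_error_hidden(raw: bytes) -> bytes:
    """Model the --error option: any ERROR reply becomes UNKNOWN-ERROR."""
    reply = parse_ident_reply(raw)
    if reply["kind"] != "ERROR":
        return raw
    return b"%d , %d : ERROR : UNKNOWN-ERROR\r\n" % reply["ports"]

SAMPLES = [  # constructed reply lines, not captured from a real server
    b"6113 , 6667 : USERID : UNIX : alice\r\n",
    b"6113 , 6667 : USERID : OTHER , UTF-8 : not:a:login\x1b[2J\r\n",
    b"6113 , 6667 : ERROR : HIDDEN-USER\r\n",
    b"6113 , 6667 : ERROR : NO-USER\r\n",
]
```

       With --error in effect, the HIDDEN-USER and NO-USER samples produce
       byte-identical replies, so a client cannot tell a hidden user from a
       connection that has no owner.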

FILES
       /etc/oidentd.conf
              System-wide configuration file; see oidentd.conf(5).

       ~/.config/oidentd.conf, ~/.oidentd.conf
              User configuration files; see oidentd.conf(5).

       /etc/oidentd_masq.conf
              Masquerading configuration file; see oidentd_masq.conf(5).

AUTHOR
       Janik Rabe <oidentd@janikrabe.com>
       https://oidentd.janikrabe.com

       Originally written by Ryan McCabe.

BUGS
       Please report any bugs to Janik Rabe <oidentd@janikrabe.com>.

SEE ALSO
       oidentd.conf(5) oidentd_masq.conf(5)

oidentd 2.5.0                                                       OIDENTD(8)