1OIDENTD(8)                    oidentd User Manual                   OIDENTD(8)
2
3
4

NAME

6       oidentd - flexible, RFC 1413 compliant ident daemon with NAT support
7

SYNOPSIS

9       oidentd [OPTIONS]
10

DESCRIPTION

12       oidentd implements the Identification Protocol as described in RFC
13       1413. By default, oidentd replies with the username of the owner of
14       connections. This behavior can be altered in oidentd.conf(5) and by
15       using the options specified in this document.
16

OPTIONS

18       -a, --address=ADDRESS
19           Bind to the specified address. This option causes oidentd to listen
20           for incoming connections only on the specified address or addresses
21           instead of on all interfaces. This option may be specified more
22           than once to configure multiple addresses.
23
24       -c, --charset=CHARSET
25           Inform clients that ident replies use the specified character set
26           as defined in RFC 1340 or its successors. The default is not to
27           send a character set to clients.
28
29       -C, --config=FILE
30           Use the specified system-wide configuration file. If this option is
31           not given, oidentd defaults to /etc/oidentd.conf. The format of the
32           system-wide configuration file is described in oidentd.conf(5).
33
34       -d, --debug
35           Show debug messages, including detailed lookup information that may
36           be useful for diagnosing issues with failed lookups. This option is
37           only available if oidentd was compiled with debugging support.
38
39       -e, --error
40           Hide error messages, returning UNKNOWN-ERROR for all errors. This
41           includes the NO-USER, HIDDEN-USER and INVALID-PORT errors. This
42           option may be used to conceal the fact that oidentd is hiding ident
43           responses for a user.
44
45       -f, --forward=[PORT]
46           Forward requests for hosts masquerading through the server oidentd
47           is running on to the host that established the corresponding
48           connection. The target host must be running oidentd with the
49           --proxy option, or some ident server returning static responses
50           regardless of the query. If no port is specified, the default ident
51           port (113) is used. If forwarding fails, oidentd falls back to the
52           response specified in oidentd_masq.conf(5). This option implies
53           --masquerade. The --masquerade-first option can be used to forward
54           queries only if no response was specified in oidentd_masq.conf(5).
55
56       -g, --group=GROUP|GID
57           Run as the specified group or GID. If this option is not given,
58           oidentd falls back to running as "oidentd", "nobody", "nogroup" or
59           GID 65534, in this order. On systems that require oidentd to run as
60           the superuser, a warning is shown and the group is not changed
61           automatically.
62
63       -h, --help
64           Print a summary of options and exit.
65
66       -i, --foreground
67           Do not fork to background. This option may be useful for debugging,
68           or for running oidentd from a service manager like systemd(1) with
69           Type=simple.
70
71       -I, --stdio
72           Read a single ident query from standard input, write the response
73           to standard output, then exit. This option may be useful for
74           debugging, or when running oidentd from a listener daemon such as
75           xinetd(8).
76
77       -l, --limit=MAX
78           Limit the maximum number of concurrent connections to the specified
79           value. Further connections beyond this limit will be closed
80           immediately without spawning a new process. If this option is not
81           specified, no limit is enforced.
82
83       -m, --masquerade
84           Enable support for NAT connections, allowing Ident lookups intended
85           for hosts masquerading through the server running oidentd. Ident
86           responses for NAT connections can be configured in the
87           oidentd_masq.conf(5) configuration file.
88
89       -M, --masquerade-first
90           If an entry matching the target host exists in the
91           oidentd_masq.conf(5) configuration file, return the configured
92           Ident response instead of forwarding the query. With this option,
93           queries are forwarded only if no static response has been
94           configured. If this option is not specified, the default behavior
95           of --forward is to forward queries before checking the
96           oidentd_masq.conf(5) file. This option implies --forward and
97           --masquerade.
98
99       -o, --other=[OS]
100           Set an alternative operating system string to send alongside ident
101           responses. Note that some clients may interpret queries as having
102           failed when an unknown operating system is returned. If this option
103           is not specified, the value UNIX is used. If this option is
104           specified without an argument, OTHER is returned.
105
106       -p, --port=PORT
107           Listen on the specified port instead of port 113.
108
109       -P, --proxy=ORIGIN
110           Allow the specified host to forward queries to this instance using
111           the --forward option. If --reply is not specified, this option must
112           be enabled for oidentd to correctly handle forwarded connections.
113
114       -q, --quiet
115           Suppress normal logging, showing only critical messages.
116
117       -r, --reply=REPLY
118           When a lookup fails, send the specified ident response as if it had
119           succeeded.
120
121       -R, --reply-all=REPLY
122           Send the specified reply in response to all well-formed queries.
123           When this option is used, the configuration files are not read and
124           connection lookups are never performed. Privileged initialization
125           is not performed on systems that would otherwise require it, so
126           unprivileged users can run oidentd with this option as long as they
127           have permission to bind the requested port.
128
129       -S, --nosyslog
130           Log messages to the standard error stream, even if it is not a
131           terminal. If standard error is a terminal, messages are written to
132           it by default.
133
134       -t, --timeout=SECONDS
135           Close connections if no ident query is received within the
136           specified number of seconds. By default, connections are closed
137           after 30 seconds.
138
139       -u, --user=USER|UID
140           Run as the specified user or UID. If this option is not given,
141           oidentd falls back to running as "oidentd", "nobody" or UID 65534,
142           in this order. On systems that require oidentd to run as the
143           superuser, a warning is shown and the user is not changed
144           automatically.
145
146       -v, --version
147           Print version and build information and exit.
148

FILES

150       /etc/oidentd.conf
151           System-wide configuration file; see oidentd.conf(5).
152
153       ~/.config/oidentd.conf, ~/.oidentd.conf
154           User configuration files; see oidentd.conf(5).
155
156       /etc/oidentd_masq.conf
157           Masquerading configuration file; see oidentd_masq.conf(5).
158

AUTHOR

160       Janik Rabe <info@janikrabe.com>
161           https://janikrabe.com/projects/oidentd/
162
163       Originally written by Ryan McCabe.
164

BUGS

166       Please report any bugs to Janik Rabe <info@janikrabe.com>.
167

SEE ALSO

169       oidentd.conf(5) oidentd_masq.conf(5)
170
171
172
173oidentd 3.0.0                                                       OIDENTD(8)
Impressum