1oidentd(8)                  System Manager's Manual                 oidentd(8)
2
3
4

NAME

6       oidentd - TCP/IP IDENT protocol server
7
8

SYNOPSIS

10       oidentd [options]
11
12       [ -dehiImoqSv ]
13       [ -a <host> ]
14       [ -c <charset> ]
15       [ -C <config file> ]
16       [ -f <port> ]
17       [ -p <port> ]
18       [ -P <host> ]
19       [ -o or --other=[<OS string>] ]
20       [ -t or --timeout=<seconds> ]
21       [ -g or --group=<group|GID> ]
22       [ -l or --limit=<number>]
23       [ -r or --reply=<string> ]
24       [ -u or --user=<username|UID> ]
25
26

DESCRIPTION

28       oidentd  is  a  server  that  implements the TCP/IP standard IDENT user
29       identification protocol as specified in the RFC 1413 document.
30
31       oidentd operates by looking up specific TCP connections  and  returning
32       the user name of the process owning the connection.
33
34

OPTIONS

36       -a or --address=<address|hostname>
37              Listen  for connections on the specified address. The default is
38              to listen for connections on all configured IP addresses.
39
40
41       -c or --charset=<charset>
42              Use the specified alternate charset.
43
44
45       -C or --config=<config file>
46              Use the specified file as the configuration  file.  The  default
47              location of the configuration file is /etc/oidentd.conf.
48
49
50       -d or --debug
51              Enable  debugging.  This causes debugging messages to be printed
52              via syslog. This option can be useful when trying to track  down
53              the cause of failed lookups.
54
55
56       -e or --error
57              Return  "UNKNOWN-ERROR" for all errors, so as not to divulge any
58              unnecessary information to remote clients.
59
60
61       -f or --forward=[<port>]
62              When IP masquerading support is enabled,  forward  requests  for
63              machines  that  masquerade  through  us to those machines on the
64              specified port. If a port is not given,  oidentd  will  use  the
65              default  port for the ident service ("auth" or port 113). If the
66              forwarded request fails, oidentd will fall back to  reading  the
67              /etc/oidentd_masq.conf  file.  In  order for forwarding to work,
68              the machine to which the connection is forwarded  must  also  be
69              running  oidentd,  and  oidentd  must  be run with the -P switch
70              specifying the host that is forwarding the connections.  If  the
71              ident daemon on the host to which the connection is forwarded is
72              capable of returning a fixed string for any lookup (for example,
73              the ident server built in to the mIRC windows IRC client), it is
74              not necessary to run oidentd on that host.
75
76
77       -g or --group=<group|GID>
78              Run with specified GID or group.
79
80
81       -i or --foreground
82              Run interactively, not as a daemon. This is useful  when  debug‐
83              ging,  or  when  running  from a service manager such as daemon‐
84              tools.
85
86
87       -I or --stdio
88              Service only a single client request then exit.  The  client  is
89              expected to be already connected via stdin and stdout. This mode
90              is useful when running from listener utilities such as inetd(8),
91              xinetd(8) or tcpserver(8).  This option implies -i (run in fore‐
92              ground) also.
93
94
95       -l or --limit=<number>
96              Allow, at most, the specified  number  of  open  connections  at
97              once.
98
99
100       -m or --masq
101              Enable  support  for  ident  queries for masqueraded/NAT connec‐
102              tions. See oidentd_masq.conf(5) for details on configuring  sup‐
103              port for masqueraded/NAT connections.
104
105
106       -o or --other=[<string>]
107              The  string  specified  will  be  returned  as  the OS string by
108              default for all successful ident  lookups.  If  no  argument  is
109              given, "OTHER" will be returned instead of the name of the oper‐
110              ating system. Some requests may be interpreted as having  failed
111              by  the  client  side  (with  ident  in  general,  not just with
112              oidentd), when some other string  is  returned  instead  of  the
113              actual name of the operating system.
114
115
116       -p or --port=<port>
117              Listen on the specified port.
118
119
120       -P or --proxy=<host>
121              The  specified  host  acts as a proxy, forwarding connections to
122              us. This option must be enabled when connections on the  machine
123              on which oidentd is running are masqueraded through another host
124              and the host through which the connections are masqueraded  for‐
125              wards requests to us.
126
127
128       -q or --quiet
129              Quiet mode; do not log any status messages to syslog.
130
131
132       -S or --nosyslog
133              Log  any  status  messages to stderr, not syslog. This is useful
134              for debugging or integration with external loggers such as  mul‐
135              tilog(8).
136
137
138       -t or --timeout=<seconds>
139              Sets  the  number  of  seconds  to  wait for input from a client
140              before closing the connection.
141
142
143       -u or --user=<user|UID>
144              Run with specified username or UID.
145
146
147       -U or --udb
148              Perform lookups in the UDB shared memory tables, both  for  con‐
149              nections  originating on the local host and for masqueraded con‐
150              nections. When a match is found, it will be used instead of  the
151              values  supplied by the operating system, for either masqueraded
152              entries (with the -m flag) or normal TCP connections. Entries in
153              the table which don't match any local user will be returned ver‐
154              batim. This allows oidentd  to  cooperate  with  other  programs
155              (e.g.  RADIUS  servers  or  proxies)  to  give valid replies for
156              dynamic connections.
157
158
159       -r or --reply=<string>
160              Upon a failed lookup, the specified string will be  returned  to
161              the client as if the lookup had succeeded.
162
163
164       -v or --version
165              Display version information and exit.
166
167
168       -h or --help
169              Display options and exit.
170
171

FILES

173       /etc/oidentd.conf
174              The system-wide configuration file.
175
176
177       /etc/oidentd_masq.conf
178              The NAT/IP masquerading mappings.
179
180
181       $HOME/.oidentd.conf
182              Per-user configuration file.
183
184

AUTHOR

186       Ryan McCabe <ryan@numb.org>
187       http://dev.ojnk.net
188
189

BUGS

191       Solaris lacks IPv6 support and NAT support.
192
193

SEE ALSO

195       oidentd.conf(5) oidentd_masq.conf(5)
196
197
198
199version 2.0.8                     13 Jul 2003                       oidentd(8)
Impressum