oidentd(8)                  System Manager's Manual                 oidentd(8)

NAME
       oidentd - TCP/IP IDENT protocol server

SYNOPSIS
       oidentd [options]

       [ -dehiImoqSv ]
       [ -a <host> ]
       [ -c <charset> ]
       [ -C <config file> ]
       [ -f <port> ]
       [ -p <port> ]
       [ -P <host> ]
       [ -o or --other=[<OS string>] ]
       [ -t or --timeout=<seconds> ]
       [ -g or --group=<group|GID> ]
       [ -l or --limit=<number> ]
       [ -r or --reply=<string> ]
       [ -u or --user=<username|UID> ]

DESCRIPTION
       oidentd is a server that implements the TCP/IP standard IDENT user
       identification protocol as specified in the RFC 1413 document.

       oidentd operates by looking up specific TCP connections and returning
       the user name of the process owning the connection.

OPTIONS
       -a or --address=<address|hostname>
              Listen for connections on the specified address. The default is
              to listen for connections on all configured IP addresses.

       -c or --charset=<charset>
              Use the specified alternate charset.

       -C or --config=<config file>
              Use the specified file as the configuration file. The default
              location of the configuration file is /etc/oidentd.conf.

       -d or --debug
              Enable debugging. This causes debugging messages to be printed
              via syslog. This option can be useful when trying to track down
              the cause of failed lookups.

       -e or --error
              Return "UNKNOWN-ERROR" for all errors, so as not to divulge any
              unnecessary information to remote clients.

       -f or --forward=[<port>]
              When IP masquerading support is enabled, forward requests for
              machines that masquerade through us to those machines on the
              specified port. If a port is not given, oidentd will use the
              default port for the ident service ("auth" or port 113). If the
              forwarded request fails, oidentd will fall back to reading the
              /etc/oidentd_masq.conf file. In order for forwarding to work,
              the machine to which the connection is forwarded must also be
              running oidentd, and oidentd must be run with the -P switch
              specifying the host that is forwarding the connections. If the
              ident daemon on the host to which the connection is forwarded is
              capable of returning a fixed string for any lookup (for example,
              the ident server built into the mIRC Windows IRC client), it is
              not necessary to run oidentd on that host.

       -g or --group=<group|GID>
              Run with specified GID or group.

       -i or --foreground
              Run interactively, not as a daemon. This is useful when
              debugging, or when running from a service manager such as
              daemontools.

       -I or --stdio
              Service only a single client request then exit. The client is
              expected to be already connected via stdin and stdout. This mode
              is useful when running from listener utilities such as inetd(8),
              xinetd(8) or tcpserver(8). This option implies -i (run in
              foreground) also.

       -l or --limit=<number>
              Allow, at most, the specified number of open connections at
              once.

       -m or --masq
              Enable support for ident queries for masqueraded/NAT
              connections. See oidentd_masq.conf(5) for details on configuring
              support for masqueraded/NAT connections.

       -o or --other=[<string>]
              The string specified will be returned as the OS string by
              default for all successful ident lookups. If no argument is
              given, "OTHER" will be returned instead of the name of the
              operating system. Some requests may be interpreted as having
              failed by the client side (with ident in general, not just with
              oidentd), when some other string is returned instead of the
              actual name of the operating system.

       -p or --port=<port>
              Listen on the specified port.

       -P or --proxy=<host>
              The specified host acts as a proxy, forwarding connections to
              us. This option must be enabled when connections on the machine
              on which oidentd is running are masqueraded through another host
              and the host through which the connections are masqueraded
              forwards requests to us.

       -q or --quiet
              Quiet mode; do not log any status messages to syslog.

       -S or --nosyslog
              Log any status messages to stderr, not syslog. This is useful
              for debugging or integration with external loggers such as
              multilog(8).

       -t or --timeout=<seconds>
              Sets the number of seconds to wait for input from a client
              before closing the connection.

       -u or --user=<user|UID>
              Run with specified username or UID.

       -U or --udb
              Perform lookups in the UDB shared memory tables, both for
              connections originating on the local host and for masqueraded
              connections. When a match is found, it will be used instead of
              the values supplied by the operating system, for either
              masqueraded entries (with the -m flag) or normal TCP
              connections. Entries in the table which don't match any local
              user will be returned verbatim. This allows oidentd to cooperate
              with other programs (e.g. RADIUS servers or proxies) to give
              valid replies for dynamic connections.

       -r or --reply=<string>
              Upon a failed lookup, the specified string will be returned to
              the client as if the lookup had succeeded.

       -v or --version
              Display version information and exit.

       -h or --help
              Display options and exit.
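
The reply forms that -e, -o and -r change, shown as an added example (not part of the oidentd distribution): a Python parser for RFC 1413 reply lines that reports what each reply reveals to the remote client. The sample replies, including the "UNIX" OS string, the NO-USER error and the user names, are constructed for illustration.

```python
import re

# Error tokens defined by RFC 1413; tokens starting with "X" are extensions.
RFC1413_ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
PORT_PAIR = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")

def parse_ident_reply(line):
    """Parse one RFC 1413 reply line into a dict; raise ValueError if malformed."""
    # The user-id may itself contain ':', so split at most three times.
    fields = line.rstrip("\r\n").split(":", 3)
    if len(fields) < 3:
        raise ValueError("too few fields")
    m = PORT_PAIR.match(fields[0])
    if not m or not all(1 <= int(p) <= 65535 for p in m.groups()):
        raise ValueError("bad port pair")
    ports = (int(m.group(1)), int(m.group(2)))
    kind = fields[1].strip()
    if kind == "ERROR":
        token = ":".join(fields[2:]).strip()
        if token not in RFC1413_ERRORS and not token.startswith("X"):
            raise ValueError("bad error token")
        return {"ports": ports, "type": "ERROR", "error": token}
    if kind == "USERID" and len(fields) == 4:
        opsys, _, charset = fields[2].partition(",")
        # Everything after the third ':' is kept verbatim as the user-id.
        return {"ports": ports, "type": "USERID", "opsys": opsys.strip(),
                "charset": charset.strip() or "US-ASCII", "userid": fields[3]}
    raise ValueError("unknown reply type")

def disclosure(reply):
    """List what a parsed reply reveals to the remote client."""
    if reply["type"] == "ERROR":
        # Any token other than UNKNOWN-ERROR says why the lookup failed.
        return [] if reply["error"] == "UNKNOWN-ERROR" else ["failure-reason"]
    leaks = ["userid"]
    if reply["opsys"] != "OTHER":
        leaks.append("opsys")
    return leaks

# Constructed sample replies (not captured from a real server).
SAMPLES = {
    "default success": "6193, 23 : USERID : UNIX : alice\r\n",
    "success with -o": "6193, 23 : USERID : OTHER : alice\r\n",
    "default failure": "6193, 23 : ERROR : NO-USER\r\n",
    "failure with -e": "6193, 23 : ERROR : UNKNOWN-ERROR\r\n",
    "failure with -r": "6193, 23 : USERID : UNIX : nobody\r\n",
}
if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:16} -> {disclosure(parse_ident_reply(raw))}")
```

A failed lookup answered with -r parses exactly like a successful one, which is why the client cannot tell the two apart.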

FILES
       /etc/oidentd.conf
              The system-wide configuration file.

       /etc/oidentd_masq.conf
              The NAT/IP masquerading mappings.

       $HOME/.oidentd.conf
              Per-user configuration file.

AUTHOR
       Ryan McCabe <ryan@numb.org>
       http://dev.ojnk.net

BUGS
       Solaris lacks IPv6 support and NAT support.

SEE ALSO
       oidentd.conf(5) oidentd_masq.conf(5)

version 2.0.8                      13 Jul 2003                      oidentd(8)