NAME
identd
—
TCP/IP IDENT protocol server
SYNOPSIS
identd |
[-46deHhlmNnoUv ]
[-b | -i | -w ]
[-a address]
[-c charset]
[-g gid]
[-p port]
[-t seconds]
[-u uid] |
DESCRIPTION
identd
is a server which implements the
TCP/IP proposed standard IDENT user identification protocol as specified in
the RFC 1413 document.
identd
operates by looking up specific
TCP/IP connections and returning the user name of the process owning the
connection.
The options are as follows:
-4
- When
-b
is specified, forcesidentd
to use IPv4 addresses only. -6
- When
-b
is specified, forcesidentd
to use IPv6 addresses only. -a
address- Specify a local IP address in dotted quad format to bind the listen socket to if running as a stand-alone daemon. By default the daemon listens on all local IP addresses.
-b
- Specify operation as a stand-alone daemon.
-c
charset- Specify an optional character set designator to be included in replies. charset should be a valid character set as described in the MIME RFC in upper case characters.
-d
- This flag enables some debugging code that normally should NOT be enabled since that breaks the protocol and may reveal information that should not be available to outsiders.
-e
- Always return “UNKNOWN-ERROR” instead of the “NO-USER” or “INVALID-PORT” errors.
-g
gid- Specify a group ID number or group name which the
identd
server should switch to after binding itself to the TCP/IP port if running as a stand-alone daemon. -H
- Hide information about non existing users (e.g., connections through NAT)
as well as existing users. Implies
-h
. -h
- Hide the actual information about the user by providing an opaque token instead. This token is entered into the local system logs so that the administrator can later discover who the real user was.
-i
- Tells
identd
to run as a process started from inetd(8) with the "nowait" option in the /etc/inetd.conf file. Use of this mode will make inetd(8) start oneidentd
daemon for each connection request. This is the default mode of operation. -l
- Use syslogd(8) for logging purposes.
-m
- Allow multiple requests to be processed per session. Each request is specified one per line and the responses will be returned one per line. The connection will not be closed until the client closes its end of the connection. PLEASE NOTE THAT THIS MODE VIOLATES THE PROTOCOL SPECIFICATION AS IT CURRENTLY STANDS.
-N
- When replying with a user name or ID, first check for a file .noident in the user's home directory. If this file is accessible, return “HIDDEN-USER” instead of the normal USERID response.
-n
- Always return UID numbers instead of usernames.
-o
- Do not reveal operating system type; always return “OTHER” instead.
-p
port- Specify an alternative port number or service name on which to listen when running as a stand-alone daemon. Default is "auth" (113).
-t
seconds- Specifies an idle timeout in seconds where a daemon running in "wait" mode will timeout and exit. The default is no timeout.
-U
- When replying with a user name or ID, first check for a file .ident in the user's home directory. If this file is accessible, return at most 20 characters of the first line of the file instead of the normal USERID response.
-u
uid- Specify a user ID number or user name which the
identd
server should switch to after binding itself to the TCP/IP port if running as a stand-alone daemon.identd
runs as user "_identd" by default and falls back to "nobody" if the "_identd" user does not exist. -v
- Log every request to syslog if
-l
above is specified. -w
- Tells
identd
to run as a process started from inetd(8) with the "wait" option in the /etc/inetd.conf file. This mode of operation will start a copy ofidentd
at the first connection request and thenidentd
will handle subsequent requests. Previous versions listed this as the preferred mode of operation due to the initial overhead of parsing the kernel nlist. This version does not use kmem or nlist parsing, so this reasoning is no longer valid.
SEE ALSO
NOTES
identd
uses the
LOG_DAEMON
syslogd(8) facility to log messages.
Unlike previous versions of identd
, this
version uses sysctl(3) to obtain information from the kernel instead of
parsing kmem. This version does not require privilege beyond what is needed
to bind the listen port if running as a stand-alone daemon.
BUGS
Since identd
should typically not be run
as a privileged user or group, .ident files for use
when running with the -U
flag will need to be world
accessible. The same applies for .noident files when
running with the -N
flag.