Annotated edit history of identd(8) version 2, including all changes.
Rev Author # Line
1 perry 1 identd
2 !!!identd
3 NAME
4 SYNOPSIS
5 DESCRIPTION
6 OPTIONS
7 INSTALLATION
8 ENCRYPTION
9 CONFIGURATION FILE
10 NOTES
11 FILES
12 AVAILABILITY
13 SEE ALSO
14 ----
15 !!NAME
16
17
18 identd - TCP/IP IDENT protocol server
19 !!SYNOPSIS
20
21
22 __identd [[options]__
23 !!DESCRIPTION
24
25
26 __Identd__ is a server which implements the
27 TCP/IP proposed standard IDENT
28 user identification protocol as specified in the
29 RFC 1413 document.
30
31
32 __identd__ operates by looking up specific
33 TCP/IP connections and returning the user
34 name of the process owning the connection. It can optionally
35 return other information instead of a user
36 name.
37 !!OPTIONS
38
39
40 __-h__ Display the available command line
41 options.
42
43
44 __-V__ Display the version and the OS version it was
45 compiled for, and then exit.
46
47
48 __-d__ Enables extra debugging messages.
49
50
51 __-C__
52
53
54 Directs __identd__ to parse additional configuration
55 options from the file specified.
56
57
58 __-i__ May be used when starting the daemon by
59 __inetd__ with the
60 __
61
62
63 __-w__ May be used when starting the daemon by
64 __inetd__ with the
65 __
66
67
68 __-I__ May be used when the daemon is started by
69 __init__ (see below).
70
71
72 __-b__ flag may be used to make the daemon run in
73 standalone mode (see below).
74
75
76 __-u__
77
78
79 Used to specify a user number or name which the server
80 should switch to after binding itself to the
81 TCP/IP port and opening the kernel
82 devices.
83
84
85 __-g__
86
87
88 Used to specify a group number or name which the server
89 should switch to after binding itself to the
90 TCP/IP port and opening the kernel
91 devices.
92
93
94 __-p__
95
96
97 Used to specify an alternative TCP port to bind to, if
98 running as a standalone daemon or started by __init__. Can
99 be specified by name or by number. Defaults to the
100 IDENT port (113).
101
102
103 __-t__
104
105
106 Used to specify the request timeout limit. This is the
107 maximum number of seconds a server will allow a client
108 connection to be active before terminating it. It defaults
109 to 120 seconds.
110
111
112 __-P__
113
114
115 Specify the location of a file to store the process number
116 of the Identd daemon.
117
118
119 __-K__
120
121
122 Control the number of threads to use for kernel
123 lookups
124
125
126 __-L__
127
128
129 Set the syslog facility to use instead of
130 'daemon'.
131
132
133 __-o__ Directs __identd__ to return OTHER instead of
134 UNIX as the __
135
136
137 __-E__ Enables DES encryption of the returned data (see
138 below for more information).
139
140
141 __-n__ Directs __identd__ to always return user
142 numbers instead of user names (for example if you wish to
143 keep the user names a secret).
144
145
146 __-N__ Directs __identd__ to check for a file
147 __HIDDEN-USER__ instead of the normal USERID
148 response.
149
150
151 __-e__ Enables certain non-standard protocol extensions.
152 Currently defined extensions include the requests
153 __VERSION__ to return the Ident daemon version and
154 __QUIT__ to terminate a session (useful in conjunction
155 with the __-m__ option).
156
157
158 __-m__ Enables __identd__ to use a mode of operation
159 that will allow multiple requests to be processed per
160 session. Each request is specified one per line and the
161 responses will be returned one per line. The connection will
162 not be closed until the connecting party closes its end of
163 the line.
164 !!INSTALLATION
165
166
167 The preferred way to start __identd__ depends on how it
168 was built.
169
170
171 If it was built with support for multithreading then it
172 should be started either from __init__ , as a standalone
173 daemon or from __inetd__ using the
174 __inetd__ supports it!)
175
176
177 If it was built without support for multithreading then it
178 should be started from __inetd__ using the normal
179 __one__ client connection at a
180 time).
181
182
183 __identd__ normally will autodetect how it was invoked so
184 there normally is no need to use the four command line
185 switches (-i, -w, -I, -b).
186 !!ENCRYPTION
187
188
189 DES encryption is only available if the daemon was built
190 with support for it enabled.
191
192
193 An encryption key (1024 bytes long) should be stored in the
194 key file ( __/etc/identd.key__ ) and it should be
195 generated using a cryptographically safe random generator in
196 order to be really safe. It should not contain any NUL
197 (0x00) characters since this is used as a string to generate
198 the real binary DES key.
199
200
201 This file may contain multiple 1024 byte long keys, and the
202 server will use the __last__ key stored in that
203 file.
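
An added example, not part of identd or of this man page: a Python check of a key file image against the rules above (1024-byte keys, no NUL bytes, last key in use). The permission check, the `MIN_DISTINCT` heuristic and the names `make_key` and `audit_key_file` are assumptions of this example.

```python
import secrets

KEY_LEN = 1024       # key size stated in the ENCRYPTION section
MIN_DISTINCT = 64    # assumed heuristic threshold, not from the man page


def make_key() -> bytes:
    """Constructed sample key: 1024 CSPRNG bytes from 0x01..0xFF (no NUL)."""
    return bytes(secrets.randbelow(255) + 1 for _ in range(KEY_LEN))


def audit_key_file(data: bytes, mode: int = 0o600) -> list:
    """Return findings for a key file image; an empty list means it passed.

    data: raw file content. mode: permission bits, e.g. os.stat(path).st_mode.
    """
    findings = []
    # A secret key file should be accessible to its owner only (assumed policy).
    if mode & 0o077:
        findings.append(f"mode {mode & 0o777:o} lets group/other access the key file")
    full, extra = divmod(len(data), KEY_LEN)
    if full == 0:
        findings.append(f"only {len(data)} bytes: no complete {KEY_LEN}-byte key")
    elif extra:
        findings.append(f"{extra} trailing bytes after key {full} do not form a key")
    seen = set()
    for n in range(1, full + 1):
        key = data[(n - 1) * KEY_LEN:n * KEY_LEN]
        # The page says the server uses the last key stored in the file.
        role = "last key, used by the server" if n == full else "older key"
        if 0 in key:
            findings.append(f"key {n} ({role}) has a NUL at offset {key.index(0)}")
        if len(set(key)) < MIN_DISTINCT:
            findings.append(f"key {n} ({role}) has only {len(set(key))} distinct byte values")
        if key in seen:
            findings.append(f"key {n} ({role}) repeats an earlier key")
        seen.add(key)
    return findings


if __name__ == "__main__":
    sample = make_key() + make_key()          # constructed two-key file image
    print(audit_key_file(sample, 0o644))
```
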
204
205
206 The returned token will contain the local and remote IP
207 addresses and TCP port numbers, the local user's uid number,
208 a timestamp, a random number, and a checksum - all encrypted
209 using DES. The encrypted binary information is then encoded
210 in a BASE64 string (32 characters long) and enclosed in
211 square brackets to produce a token that is transmitted to
212 the remote client.
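
An added example, not code from identd or this page: a Python classifier for the reply lines a log consumer receives, telling a user name from a numeric uid (`-n`), a bracketed token (`-E`) and a HIDDEN-USER error, using the RFC 1413 reply layout. The function name, the result dictionary, the sample replies in the demo and the standard BASE64 alphabet for the token are assumptions of this example.

```python
import re

# Reply layout per RFC 1413: "<port> , <port> : USERID|ERROR : <rest>"
REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")
# Token shape from the ENCRYPTION section: 32 BASE64 characters in brackets.
# The standard BASE64 alphabet is an assumption; the page does not list it.
TOKEN = re.compile(r"^\[[A-Za-z0-9+/]{32}\]$")


def classify_reply(line: str) -> dict:
    """Classify one IDENT reply line; kind is 'invalid' if it does not parse."""
    m = REPLY.match(line.rstrip("\r\n"))
    if not m:
        return {"kind": "invalid"}
    ports = (int(m.group(1)), int(m.group(2)))
    if not all(1 <= p <= 65535 for p in ports):
        return {"kind": "invalid"}
    rest = m.group(4)
    if m.group(3) == "ERROR":
        err = rest.strip()
        kind = "hidden" if err == "HIDDEN-USER" else "error"
        return {"kind": kind, "ports": ports, "error": err}
    opsys, sep, user = rest.partition(":")   # the user-id may itself contain ':'
    if not sep:
        return {"kind": "invalid"}
    opsys = opsys.split(",")[0].strip()      # drop the optional charset
    ident = user.strip()                     # stripped for classification only
    # The identifier is chosen by the remote host: bound it (RFC 1413 allows
    # 512 octets) and refuse control characters before it reaches a log.
    if not ident or len(user) > 512 or any(ord(c) < 32 or ord(c) == 127 for c in user):
        return {"kind": "invalid"}
    if TOKEN.match(ident):
        kind = "encrypted-token"             # reply produced with -E
    elif ident.isdigit():
        kind = "uid"                         # -n, or a login name made of digits
    else:
        kind = "username"
    return {"kind": kind, "ports": ports, "opsys": opsys, "id": ident}


if __name__ == "__main__":
    # Constructed sample replies; the token is a placeholder, not real output.
    for s in ("6193, 23 : USERID : UNIX : stjohns",
              "6193, 23 : USERID : OTHER :[" + "A" * 32 + "]",
              "6193, 23 : ERROR : HIDDEN-USER"):
        print(classify_reply(s))
```
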
213
214
215 The encrypted token can later be decrypted by the
216 __idecrypt__ command. This program will attempt to
217 decrypt a token with all the keys stored in the key file
218 until it succeeds (or has tried all the keys).
219 !!CONFIGURATION FILE
220
221
222 The configuration file contains a list of
223 __option=value__ pairs.
224
225
226 __syslog:facility = FACILITY__
227
228
229 Set which facility to use when sending syslog messages. See
2 perry 230 syslog.conf(5) for more information.
1 perry 231
232
233 __server:user = USER__
234
235
236 Set what user (and group, from the passwd database) the
237 daemon should run as after it has opened all the kernel
238 handles. (Default: nobody)
239
240
241 __server:group = GROUP__
242
243
244 Override the group id (as set by the __server:user__
245 option).
246
247
248 __server:port = PORT__
249
250
251 Set what TCP/IP port the daemon should listen on. (Default:
252 113)
253
254
255 __server:backlog = LIMIT__
256
257
258 Set the size of the server listen() backlog
259 limit.
260
261
262 __server:pid-file = PATH__
263
264
265 Set the path to the file where the server will store its
266 process id.
267
268
269 __server:max-request = LIMIT__
270
271
272 Max number of concurrent requests allowed. Default is 0
273 (zero) which means
274
275
276 __protocol:extensions = ON/OFF__
277
278
279 Enable/disable the nonstandard protocol extensions (
280 __VERSION__ and __QUIT__ currently). Default:
281 off
282
283
284 __protocol:multiquery = ON/OFF__
285
286
287 Enable/disable the multiple queries per connection feature.
288 Default: off
289
290
291 __protocol:timeout = SECONDS__
292
293
294 Max number of seconds since connection or last request. If
295 set to 0 (zero), no timeout will be used. Default: 120
296 seconds.
297
298
299 __kernel:threads = LIMIT__
300
301
302 Max number of threads doing kernel lookups concurrently.
303 Default: 8
304
305
306 __kernel:buffers = LIMIT__
307
308
309 Max number of queued kernel lookup requests. Default:
310 32
311
312
313 __kernel:attempts = LIMIT__
314
315
316 Max number of times to retry a kernel lookup in case of
317 failure. Default: 5
318
319
320 __result:uid-only = YES/NO__
321
322
323 Disable uid-
324
325
326 __result:noident = ON/OFF__
327
328
329 Enable/disable checking for the
330
331
332 __result:charset = CHARSET__
333
334
335 Define the character set returned in replies. Default:
336
337
338 __result:opsys = OPSYS__
339
340
341 Define the operating system returned in replies. Default:
342
343
344 __result:syslog-level = LEVEL__
345
346
347 If set to anything other than
348 syslog.conf__(5) for
349 more information. Default: none
350
351
352 __result:encrypt = YES/NO__
353
354
355 Enable encryption of replies. Only available if Identd was
356 built with a DES encryption library.
357
358
359 __encrypt:key-file = PATH__
360
361
362 Path to the file containing the encryption
363 keys.
364
365
366 __include = PATH__
367
368
369 Include (and parse) the contents of another configuration
370 file.
371 !!NOTES
372
373
374 The username (or UID) returned ought to be the login name.
375 However it (probably, for most architecture implementations)
376 is the
377 setuid__(3) call and their children. For
378 example, it may (should?) be wrong for an incoming
379 __ftpd__ ; and we are probably interested in the running
380 shell, not the __telnetd__ for an incoming telnet
381 session. (But of course __identd__ returns info for
382 outgoing connections, not incoming ones.)
383 !!FILES
384
385
386 __/etc/identd.conf__
387
388
389 Contains the default configuration options for
390 __identd.__
391
392
393 __/etc/identd.key__
394
395
396 If compiled with ''DES'' encryption enabled, the first
397 1024 bytes of this file are used to specify the secret key
398 for encrypting replies.
399
400
401 __/var/run/identd/identd.pid__
402
403
404 Contains (if enabled) the process number of the
405 __identd__ daemon.
406 !!AVAILABILITY
407
408
409 The daemon is free software. You can redistribute it and/or
410 modify it as you wish - as long as you don't claim that you
411 wrote it.
412
413
414 The source code for the latest version of the daemon can
415 always be FTP'd from one of the following
416 addresses:
417
418
419 __Main site:__
420
421
422 ftp://ftp.lysator.liu.se/pub/ident/servers/
423
424
425 __Mirror:__
426
427
428 ftp://ftp.uu.net/networking/ident/servers/
429
430
431 The author can be contacted at:
432
433
434 __Email:__
435
436
437 __Peter Eriksson
438 __
439 !!SEE ALSO
440
441
442 idecrypt(8) , ikeygen(8) ,
2 perry 443 inetd.conf(5)
1 perry 444 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.