!!!identd

----

!!NAME

identd - TCP/IP IDENT protocol server

!!SYNOPSIS

__identd [[options]__

!!DESCRIPTION

__Identd__ is a server that implements the TCP/IP proposed standard IDENT user identification protocol as specified in RFC 1413.

__identd__ operates by looking up specific TCP/IP connections and returning the user name of the process owning the connection. It can optionally return other information instead of a user name.

!!OPTIONS

__-h__ Display the available command line options.

__-V__ Display the version and the OS version it was compiled for, then exit.

__-d__ Enable extra debugging messages.

__-C__ Directs __identd__ to parse additional configuration options from the file specified.

__-i__ May be used when starting the daemon by __inetd__ with the

__-w__ May be used when starting the daemon by __inetd__ with the

__-I__ May be used when the daemon is started by __init__ (see below).

__-b__ flag may be used to make the daemon run in standalone mode (see below).

__-u__ Used to specify a user number or name to which the server should switch after binding itself to the TCP/IP port and opening the kernel devices.

__-g__ Used to specify a group number or name to which the server should switch after binding itself to the TCP/IP port and opening the kernel devices.

__-p__ Used to specify an alternative TCP port to bind to, if running as a standalone daemon or started by __init__. Can be specified by name or by number. Defaults to the IDENT port (113).

__-t__ Used to specify the request timeout limit. This is the maximum number of seconds a server will allow a client connection to be active before terminating it. It defaults to 120 seconds.

__-P__ Specify the location of a file to store the process number of the Identd daemon.

__-K__ Control the number of threads to use for kernel lookups.

__-L__ Set the syslog facility to use instead of 'daemon'.

__-o__ Directs __identd__ to return OTHER instead of UNIX as the

__-E__ Enables DES encryption of the returned data (see below for more information).

__-n__ Directs __identd__ to always return user numbers instead of user names (for example, if you wish to keep the user names a secret).

__-N__ Directs __identd__ to check for a file __HIDDEN-USER__ instead of the normal USERID response.

__-e__ Enables certain non-standard protocol extensions. Currently defined extensions include the requests __VERSION__ to return the Ident daemon version and __QUIT__ to terminate a session (useful in conjunction with the __-m__ option).

__-m__ Enables __identd__ to use a mode of operation that will allow multiple requests to be processed per session. Each request is specified one per line and the responses will be returned one per line. The connection will not be closed until the connecting party closes its end of the line.

!!INSTALLATION

The preferred way to start __identd__ depends on how it was built.

If it was built with support for multithreading then it should be started either from __init__, as a standalone daemon or from __inetd__ using the __inetd__ supports it!)

If it was built without support for multithreading then it should be started from __inetd__ using the normal __one__ client connection at a time).

__identd__ normally will autodetect how it was invoked, so there normally is no need to use the four command line switches (-i, -w, -I, -b).

!!ENCRYPTION

DES encryption is only available if the daemon was built with support for it enabled.

An encryption key (1024 bytes long) should be stored in the key file (__/etc/identd.key__) and it should be generated using a cryptographically safe random generator in order to be really safe. It should not contain any NUL (0x00) characters since this is used as a string to generate the real binary DES key.
This file may contain multiple 1024 byte long keys, and the server will use the __last__ key stored in that file.

The returned token will contain the local and remote IP addresses and TCP port numbers, the local user's uid number, a timestamp, a random number, and a checksum - all encrypted using DES. The encrypted binary information is then encoded in a BASE64 string (32 characters long) and enclosed in square brackets to produce a token that is transmitted to the remote client.

The encrypted token can later be decrypted by the __idecrypt__ command. This program will attempt to decrypt a token with all the keys stored in the key file until it succeeds (or has tried all the keys).

!!CONFIGURATION FILE

The configuration file contains a list of __option=value__ pairs.

__syslog:facility = FACILITY__ Set which facility to use when sending syslog messages. See syslog.conf(5) for more information.

__server:user = USER__ Set what user (and group, from the passwd database) the daemon should run as after it has opened all the kernel handles. (Default: nobody)

__server:group = GROUP__ Override the group id (as set by the __server:user__ option).

__server:port = PORT__ Set what TCP/IP port the daemon should listen to. (Default: 113)

__server:backlog = LIMIT__ Set the size of the server listen() backlog limit.

__server:pid-file = PATH__ Set the path to the file where the server will store its process id.

__server:max-request = LIMIT__ Max number of concurrent requests allowed. Default is 0 (zero) which means

__protocol:extensions = ON/OFF__ Enable/disable the nonstandard protocol extensions (__VERSION__ and __QUIT__ currently). Default: off

__protocol:multiquery = ON/OFF__ Enable/disable the multiple queries per connection feature. Default: off

__protocol:timeout = SECONDS__ Max number of seconds since connection or last request. If set to 0 (zero), no timeout will be used. Default: 120 seconds.

__kernel:threads = LIMIT__ Max number of threads doing kernel lookups concurrently. Default: 8

__kernel:buffers = LIMIT__ Max number of queued kernel lookup requests. Default: 32

__kernel:attempts = LIMIT__ Max number of times to retry a kernel lookup in case of failure. Default: 5

__result:uid-only = YES/NO__ Disable uid-

__result:noident = ON/OFF__ Enable/disable checking for the

__result:charset = CHARSET__ Define the character set returned in replies. Default:

__result:opsys = OPSYS__ Define the operating system returned in replies. Default:

__result:syslog-level = LEVEL__ If set to anything other than syslog.conf(5) for more information. Default: none

__result:encrypt = YES/NO__ Enable encryption of replies. Only available if Identd was built with a DES encryption library.

__encrypt:key-file = PATH__ Path to the file containing the encryption keys.

__include = PATH__ Include (and parse) the contents of another configuration file.

!!NOTES

The username (or UID) returned ought to be the login name. However it (probably, for most architecture implementations) is the setuid(3) call and their children. For example, it may (should?) be wrong for an incoming __ftpd__; and we are probably interested in the running shell, not the __telnetd__ for an incoming telnet session. (But of course __identd__ returns info for outgoing connections, not incoming ones.)

!!FILES

__/etc/identd.conf__ Contains the default configuration options for __identd__.

__/etc/identd.key__ If compiled with ''DES'' encryption enabled, the first 1024 bytes of this file are used to specify the secret key for encrypting replies.

__/var/run/identd/identd.pid__ Contains (if enabled) the process number of the __identd__ daemon.

!!AVAILABILITY

The daemon is free software. You can redistribute it and/or modify it as you wish - as long as you don't claim that you wrote it.
The source code for the latest version of the daemon can always be FTP'd from one of the following addresses:

__Main site:__ ftp://ftp.lysator.liu.se/pub/ident/servers/

__Mirror:__ ftp://ftp.uu.net/networking/ident/servers/

The author can be contacted at:

__Email:__ __Peter Eriksson__

!!SEE ALSO

idecrypt(8), ikeygen(8), inetd.conf(5)

----
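
The key-file rules from the ENCRYPTION section (1024-byte keys, no NUL bytes, the last key in the file is the one in use), as an added example that is not part of identd or of the original man page: Python that appends a freshly generated key and audits an existing key file. It assumes keys are stored back to back with no separator; the function names and the owner-only permission check are this example's own.

```python
import os
import secrets
import stat

KEY_LEN = 1024  # key size given in the ENCRYPTION section


def generate_key():
    """Return KEY_LEN bytes from the OS CSPRNG with every NUL byte rejected."""
    key = bytearray()
    while len(key) < KEY_LEN:
        chunk = secrets.token_bytes(KEY_LEN - len(key))
        key += chunk.replace(b"\x00", b"")  # drop NULs, top up on the next pass
    return bytes(key)


def append_key(path):
    """Append a fresh key so it becomes the last one; create the file as 0600."""
    key = generate_key()
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "ab") as fh:
        fh.write(key)
    return key


def active_key(path):
    """Return the last complete key, the one the server is described as using."""
    with open(path, "rb") as fh:
        data = fh.read()
    whole = len(data) - len(data) % KEY_LEN
    return data[whole - KEY_LEN:whole] if whole else b""


def audit_key_file(path):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key file is accessible to group or others")
    with open(path, "rb") as fh:
        data = fh.read()
    if not data or len(data) % KEY_LEN:
        findings.append("size %d is not a positive multiple of %d" % (len(data), KEY_LEN))
    # Assumption: keys sit back to back, so each 1024-byte slice is one key.
    for off in range(0, len(data) - len(data) % KEY_LEN, KEY_LEN):
        if b"\x00" in data[off:off + KEY_LEN]:
            findings.append("key %d contains a NUL byte" % (off // KEY_LEN + 1))
    return findings
```

Because old keys stay in the file, tokens issued before a rotation can still be tried against them, which matches the page's description of __idecrypt__ trying every stored key.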
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.