Identd is a server which implements the TCP/IP proposed standard IDENT user identification protocol as specified in the RFC 1413 document.
-h Display the available command line options.
-V Displays the version and OS version it was compiled for, and then exit.
-d Enables extra debugging messages.
Directs identd to parse additional configuration options from the file specified.
-i May be used when starting the daemon by inetd with the __
-w May be used when starting the daemon by inetd with the __
-I May be used when the daemon is started by init (see below).
-b flag may be used to make the daemon run in standalone mode (see below).
Used to specify a user number or name to which the server should switch to after binding itself to the TCP/IP port and opening the kernel devices.
Used to specify a group number or name which the server should switch to after binding itself to the TCP/IP port and opening the kernel devices.
Used to specify an alternative TCP port to bind to, if running as a standalone daemon or started by init Can be specified by name or by number. Defaults to the IDENT port (113).
Used to specify the request timeout limit. This is the maximum number of seconds a server will allow a client connection to be active before terminating it. It defaults to 120 seconds.
Specify the location of a file to store the process number of the Identd daemon.
Control the number of threads to use for kernel lookups
Set the syslog facility to use instead of 'daemon'.
-o Directs identd to return OTHER instead of UNIX as the __
-E Enables DES encryption of the returned data (see below for more information).
-n Directs identd to always return user numbers instead of user names (for example if you wish to keep the user names a secret).
-N Directs identd to check for a file HIDDEN-USER instead of the normal USERID response.
-e Enables certain non-standard protocol extensions. Currently defined extensions include the requests VERSION to return the Ident daemon version and QUIT to terminate a session (useful in conjunction with the -m option).
The prefered way to start identd depends on how it was built.
If it was built with support for multithreading then it should be started either from init , as a standalone daemon or from inetd using the inetd supports it!)
If it was built without support for multithreading then it should be started from inetd using the normal one client connection at a time).
DES encryption is only available if the daemon was built with support for it enabled.
An encryption key (1024 bytes long) should be stored in the key file ( /etc/identd.key ) and it should be generated using a cryptographically safe random generator in order to be really safe. It should not contain any NUL (0x00) characters since this is used as a string to generate the real binary DES key.
This file may contain multiple 1024 byte long keys, and the server will use the last key stored in that file.
The returned token will contain the local and remote IP addresses and TCP port numbers, the local user's uid number, a timestamp, a random number, and a checksum - all encrypted using DES. The encrypted binary information is then encoded in a BASE64 string (32 characters long) and enclosed in square brackets to produce a token that is transmitted to the remote client.
The configuration file contains a list of option=value pairs.
syslog:facility = FACILITY
Set which facility to use when sending syslog messages. See syslog.conf(5) for more information.
server:user = USER
Set what user (and group, from the passwd database) the daemon should run as after it has opened all the kernel handles. (Default: nobody)
server:group = GROUP
Override the group id (as set by the server:user option).
server:port = PORT
Set what TCP/IP port the daemon should listen to. (Default: 113)
server:backlog = LIMIT
Set the size of the server listen() backlog limit.
server:pid-file = PATH
Set the path to the file where the server will store it's process id.
server:max-request = LIMIT
Max number of concurrent requests allowed. Default is 0 (zero) which means
protocol:extensions = ON/OFF
Enable/disable the nonstandard protocol extensions ( VERSION and QUIT currently). Default: off
protocol:multiquery = ON/OFF
Enable/disable the multiple queries per connection feature. Default: off
protocol:timeout = SECONDS
Max number of seconds since connection or last request. If set to 0 (zero), no timeout will be used. Default: 120 seconds.
kernel:threads = LIMIT
Max number of threads doing kernel lookups concurrently. Default: 8
kernel:buffers = LIMIT
Max number of queued kernel lookup requests. Default: 32
kernel:attempts = LIMIT
Max number of times to retry a kernel lookup in case of failure. Default: 5
result:uid-only = YES/NO
result:noident = ON/OFF
Enable/disable checking for the
result:charset = CHARSET
Define the character set returned in replies. Default:
result:opsys = OPSYS
Define the operating system returned in replies. Default:
result:syslog-level = LEVEL
If set to anything other than syslog.conf__(5)? for more information. Default: none
result:encrypt = YES/NO
Enable encryption of replies. Only available if Identd was built with a DES encryption library.
encrypt:key-file = PATH
Path to the file containing the encryption keys.
include = PATH
Contains the default configuration options for identd.
If compiled with DES encryption enabled, the 1024 first bytes of this file is used to specify the secret key for encrypting replies.
The daemon is free software. You can redistribute it and/or modify it as you wish - as long as you don't claim that you wrote it.
The source code for the latest version of the daemon can always be FTP'd from one of the following addresses:
The author can be contacted at: