IDENTD(8)

NAME

     identd - TCP/IP IDENT protocol server

SYNOPSIS

     identd [-i | -w | -b] [-t seconds] [-u uid] [-g gid] [-p port]
            [-a address] [-c charset] [-noelvmNUdh]

DESCRIPTION

     identd is a server which implements the TCP/IP proposed standard IDENT
     user identification protocol as specified in the RFC 1413 document.

     identd operates by looking up specific TCP/IP connections and returning
     the user name of the process owning the connection.

     The options are as follows:

     -i      Tells identd to run as a process started from inetd(8) with the
             "nowait" option in the /etc/inetd.conf file.  Use of this mode
             will make inetd(8) start one identd daemon for each connection
             request.  This is the default mode of operation.

     -w      Tells identd to run as a process started from inetd(8) with the
             "wait" option in the /etc/inetd.conf file.  This mode of
             operation will start a copy of identd at the first connection
             request and then identd will handle subsequent requests.
             Previous versions listed this as the preferred mode of operation
             due to the initial overhead of parsing the kernel nlist.  This
             version does not use kmem or nlist parsing, so this reasoning is
             no longer valid.

     -b      Specify operation as a stand-alone daemon.

     -h      Hide the actual information about the user by providing an opaque
             token instead.  This token is entered into the local system logs
             so that the administrator can later discover who the real user
             was.

     -H      Hide information about non existing users (e.g., connections
             through NAT) as well as existing users.  Implies -h.

     -t seconds
             Specifies an idle timeout in seconds where a daemon running in
             "wait" mode will timeout and exit.  The default is no timeout.

     -u uid  Specify a user ID number or user name which the identd server
             should switch to after binding itself to the TCP/IP port if
             running as a stand-alone daemon.  identd runs as user "_identd"
             by default and falls back to "nobody" if the "_identd" user does
             not exist.

     -g gid  Specify a group ID number or group name which the identd server
             should switch to after binding itself to the TCP/IP port if
             running as a stand-alone daemon.

     -p port
             Specify an alternative port number or service name on which to
             listen when running as a stand-alone daemon.  Default is "auth"
             (113).

     -a address
             Specify a local IP address in dotted quad format to bind the
             listen socket to if running as a stand-alone daemon.  By default
             the daemon listens on all local IP addresses.

     -l      Use syslogd(8) for logging purposes.

     -v      Log every request to syslog if -l above is specified.

     -o      Do not reveal operating system type; always return ``OTHER''
             instead.

     -e      Always return ``UNKNOWN-ERROR'' instead of the ``NOUSER'' or
             ``INVALID-PORT'' errors.

     -c charset
             Specify an optional character set designator to be included in
             replies.  charset should be a valid character set as described in
             the MIME RFC in upper case characters.

     -n      Always return uid numbers instead of usernames.

     -N      When replying with a user name or ID, first check for a file
             .noident in the user's home directory.  If this file is
             accessible, return ``HIDDEN-USER'' instead of the normal USERID
             response.

     -U      When replying with a user name or ID, first check for a file
             .ident in the user's home directory.  If this file is accessible,
             return the contents of the file instead of the normal USERID
             response.

     -m      Allow multiple requests to be processed per session.  Each
             request is specified one per line and the responses will be
             returned one per line.  The connection will not be closed until
             the client closes its end of the connection.  PLEASE NOTE THAT
             THIS MODE VIOLATES THE PROTOCOL SPECIFICATION AS IT CURRENTLY
             STANDS.

     -d      This flag enables some debugging code that normally should NOT be
             enabled since that breaks the protocol and may reveal information
             that should not be available to outsiders.
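
     The sketch below is an added example, not part of identd or of the
     original manual page.  It parses reply lines in the RFC 1413 format and
     reports what each one discloses, so the effect of -o, -e and -h can be
     checked from the client side.  The function names, the local_ids
     argument and the sample replies (including the opaque token) are
     constructed for illustration.

```python
# Added example (not from identd): audit RFC 1413 reply lines for disclosure.
# "NOUSER" is the spelling used on this page; RFC 1413's token is "NO-USER".
SPECIFIC_ERRORS = {"NOUSER", "NO-USER", "INVALID-PORT"}

def parse_reply(line):
    """Parse '<port>, <port> : USERID|ERROR : ...' into a dict."""
    # A user-id may contain ':' itself, so split at most three times.
    fields = line.rstrip("\r\n").split(":", 3)
    if len(fields) < 3:
        raise ValueError("not an IDENT reply: %r" % line)
    ports = tuple(int(p) for p in fields[0].split(","))
    if len(ports) != 2:
        raise ValueError("expected two ports: %r" % line)
    kind = fields[1].strip().upper()
    if kind == "ERROR" and len(fields) == 3:
        return {"ports": ports, "kind": kind, "error": fields[2].strip().upper()}
    if kind == "USERID" and len(fields) == 4:
        # The opsys field may carry ",<charset>" (identd -c).
        opsys, _, charset = fields[2].partition(",")
        return {"ports": ports, "kind": kind, "opsys": opsys.strip().upper(),
                "charset": charset.strip() or None, "user": fields[3].strip()}
    raise ValueError("malformed IDENT reply: %r" % line)

def audit_reply(line, local_ids):
    """Return findings for one reply; local_ids = real user names and uids."""
    reply = parse_reply(line)
    findings = []
    if reply["kind"] == "ERROR":
        if reply["error"] in SPECIFIC_ERRORS:
            findings.append("specific error %s returned (-e not in effect)"
                            % reply["error"])
        return findings
    if reply["opsys"] != "OTHER":
        findings.append("OS type %s revealed (-o not in effect)" % reply["opsys"])
    if reply["user"] in local_ids:
        findings.append("real account %s revealed (-h not in effect)" % reply["user"])
    return findings

# Constructed sample replies, as a client would receive them on port 113.
SAMPLES = [
    "6193, 23 : USERID : UNIX,US-ASCII : alice\r\n",
    "6193, 23 : USERID : OTHER : 4f2a9c01d3\r\n",
    "6195, 23 : ERROR : NO-USER\r\n",
    "6195, 23 : ERROR : UNKNOWN-ERROR\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.strip(), "->", audit_reply(sample, {"alice", "1000"}) or "ok")
```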

SEE ALSO

     inetd.conf(5)

NOTES

     identd uses the LOG_DAEMON syslogd(8) facility to log messages.

     Unlike previous versions of identd, this version uses sysctl(3) to obtain
     information from the kernel instead of parsing kmem.  This version does
     not require privilege beyond what is needed to bind the listen port if
     running as a stand-alone daemon.

BUGS

     Since identd should typically not be run as a privileged user or group,
     .ident files for use when running with the -U flag will need to be world
     accessible.  The same applies for .noident files when running with the -N
     flag.

OpenBSD 3.6                      July 27, 1997