identd man page on Mandriva

identd(1)							     identd(1)

NAME
       identd, in.identd - TCP/IP IDENT protocol server

SYNOPSIS
       [in.]identd [options]

DESCRIPTION
       Identd  is a server which implements the TCP/IP proposed standard IDENT
       user identification protocol as specified in the RFC 1413 document.

       identd operates by looking up specific TCP/IP connections and returning
       the  user name of the process owning the connection.  It can optionally
       return other information instead of a user name.

OPTIONS
       -h	 Display the available command line options.

       -V        Display the version and the OS version it was compiled for,
                 and then exit.

       -d	 Enables extra debugging messages.

       -C<file>	 Directs identd to parse additional configuration options from
		 the file specified.

       -i	 May be used when  starting  the  daemon  by  inetd  with  the
		 "nowait" option (see below).

       -w	 May be used when starting the daemon by inetd with the "wait"
		 option (see below).

       -I	 May be used when the daemon is started by init (see below).

       -b        May be used to make the daemon run in standalone mode (see
                 below).

       -u<user>	 Used  to  specify  a  user number or name to which the server
		 should switch to after binding itself to the TCP/IP port  and
		 opening the kernel devices.

       -g<group> Used  to  specify  a  group  number  or name which the server
		 should switch to after binding itself to the TCP/IP port  and
		 opening the kernel devices.

       -p<port>  Used to specify an alternative TCP port to bind to, if
                 running as a standalone daemon or started by init. Can be
                 specified by name or by number. Defaults to the IDENT port
                 (113).

       -t<limit> Used  to specify the request timeout limit. This is the maxi‐
		 mum number of seconds a server will allow a client connection
		 to  be	 active before terminating it. It defaults to 120 sec‐
		 onds.

       -P<pidfile>
		 Specify the location of a file to store the process number of
		 the Identd daemon.

       -K<nthreads>
                 Control the number of threads to use for kernel lookups.

       -L<facility>
		 Set the syslog facility to use instead of 'daemon'.

       -o	 Directs  identd to return OTHER instead of UNIX as the "oper‐
		 ating system".

       -E	 Enables DES encryption of the returned data  (see  below  for
		 more information).

       -n	 Directs  identd to always return user numbers instead of user
		 names (for example if you wish	 to  keep  the	user  names  a
		 secret).

       -N        Directs identd to check for a file ".noident" in the home
                 directory of the user whose user name the daemon is about to
                 return. If that file exists then the daemon will give the
                 error HIDDEN-USER instead of the normal USERID response.

       -e	 Enables  certain  non-standard protocol extensions. Currently
		 defined extensions include the requests VERSION to return the
		 Ident	daemon version and QUIT to terminate a session (useful
		 in conjunction with the -m option).

       -m        Enables identd to use a mode of operation that will allow
                 multiple requests to be processed per session. Each request
                 is specified one per line and the responses will be returned
                 one per line. The connection will not be closed until the
                 connecting party closes its end of the connection.

INSTALLATION
       The preferred way to start identd depends on how it was built.

       If it was built with support for multithreading then it should be
       started either from init, as a standalone daemon, or from inetd using
       the "wait" mode (if your inetd supports it!).

       If it was built without support for multithreading then	it  should  be
       started from inetd using the normal "nowait" mode for "stream tcp" ser‐
       vices. (The main reason being that it will be  single-threaded,	so  it
       will only serve one client connection at a time).

       identd normally will autodetect how it was invoked so there normally is
       no need to use the four command line switches (-i, -w, -I, -b).

ENCRYPTION
       DES encryption is only available if the daemon was built	 with  support
       for it enabled.

       An encryption key (1024 bytes long) should be stored in the key file
       (/etc/identd.key) and it should be generated using a cryptographically
       safe random generator in order to be really safe. It should not contain
       any NUL (0x00) characters since this is used as a string to generate
       the real binary DES key.

       This file may contain multiple 1024 byte long keys, and the server will
       use the last key stored in that file.
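
       The key-file rules above (1024-byte keys, no NUL bytes, last key
       active) can be checked mechanically. The Python below is an added
       example, not part of identd or of this man page; the function names,
       the distinct-byte heuristic and the permission check are assumptions
       of the example.

```python
import os
import secrets
import sys

KEY_LEN = 1024  # key size given in the man page


def generate_key() -> bytes:
    """1024 bytes from the OS CSPRNG, each in 1..255 so no NUL can occur."""
    return bytes(secrets.randbelow(255) + 1 for _ in range(KEY_LEN))


def audit_key_file(data: bytes, mode: int) -> list:
    """Return findings for key-file contents and its st_mode permission bits."""
    findings = []
    if len(data) == 0 or len(data) % KEY_LEN != 0:
        findings.append(f"size {len(data)} is not a positive multiple of {KEY_LEN}")
    if b"\x00" in data:  # the key is used as a string, so NUL is not allowed
        findings.append(f"NUL byte at offset {data.find(bytes(1))}")
    active = data[-KEY_LEN:]  # the server uses the last key in the file
    if len(set(active)) < 128:  # heuristic (assumption): random keys show ~250 values
        findings.append("active key has few distinct byte values, likely not random")
    if mode & 0o077:  # added check: the key is a secret, keep it owner-only
        findings.append(f"mode {mode & 0o777:o} gives group/other access")
    return findings


def append_key(path: str) -> None:
    """Append a fresh key so it becomes the active one; create the file 0600."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "ab") as fh:
        fh.write(generate_key())  # older keys stay, so old tokens still decrypt


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/identd.key"
    with open(path, "rb") as fh:
        results = audit_key_file(fh.read(), os.stat(path).st_mode)
    print("\n".join(results) if results else "no findings")
```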

       The returned token will contain the local and remote IP	addresses  and
       TCP  port  numbers,  the local user's uid number, a timestamp, a random
       number, and a checksum - all encrypted using DES. The encrypted	binary
       information is then encoded in a BASE64 string (32 characters long) and
       enclosed in square brackets to produce a token that is  transmitted  to
       the remote client.

       The encrypted token can later be decrypted by the idecrypt command.
       This program will attempt to decrypt a token with all the keys stored
       in the key file until it succeeds (or has tried all the keys).
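
       To see which of the reply forms described above (user name, uid via
       -n, encrypted token via -E, HIDDEN-USER via -N) a server actually
       sends, replies can be classified as below. This is an added example,
       not code from identd; the reply layout follows RFC 1413, and the
       names, the sample replies and the standard Base64 alphabet are
       assumptions of the example.

```python
import re
from collections import Counter
from typing import NamedTuple

# -E token: 32 Base64 characters in square brackets (standard alphabet assumed)
TOKEN = re.compile(r"\[[A-Za-z0-9+/=]{32}\]")


class Reply(NamedTuple):
    ports: str
    kind: str   # "username", "uid", "token", "hidden" or "error"
    opsys: str
    value: str


def parse_reply(line: str) -> Reply:
    """Parse one RFC 1413 reply line and classify what it discloses."""
    # Only the first three colons separate fields; stripping is a simplification.
    fields = [f.strip() for f in line.rstrip("\r\n").split(":", 3)]
    if len(fields) >= 3 and fields[1].upper() == "ERROR":
        kind = "hidden" if fields[2].upper() == "HIDDEN-USER" else "error"
        return Reply(fields[0], kind, "", fields[2])
    if len(fields) != 4 or fields[1].upper() != "USERID":
        raise ValueError(f"not an ident reply: {line!r}")
    opsys = fields[2].split(",")[0].strip()  # drop the optional ", charset"
    user = fields[3]
    if TOKEN.fullmatch(user):
        kind = "token"        # -E: encrypted token
    elif user.isdigit():
        kind = "uid"          # -n: numeric uid only
    else:
        kind = "username"     # default: login name in clear text
    return Reply(fields[0], kind, opsys, user)


def summarize(lines) -> Counter:
    """Count reply kinds, e.g. over replies logged from your own server."""
    return Counter(parse_reply(line).kind for line in lines)


# Constructed sample replies (not captured from a real server).
SAMPLES = [
    "6193, 23 : USERID : UNIX : alice",
    "6193, 23 : USERID : UNIX , US-ASCII : 1001",
    "6193, 23 : USERID : OTHER : [" + "Qk9HVVM0" * 4 + "]",
    "6193, 23 : ERROR : HIDDEN-USER",
    "6193, 23 : ERROR : NO-USER",
]
```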

CONFIGURATION FILE
       The configuration file contains a list of option=value pairs.

       syslog:facility = FACILITY
		 Set which facility to use when sending syslog messages.

       server:user = USER
		 Set  what user (and group, from the passwd database) the dae‐
		 mon should run as after it has opened all the kernel handles.
		 (Default: nobody)

       server:group = GROUP
		 Override the group id (as set by the server:user option).

       server:port = PORT
		 Set  what  TCP/IP port the daemon should listen to. (Default:
		 113)

       server:backlog = LIMIT
		 Set the size of the server listen() backlog limit.

       server:pid-file = PATH
                 Set the path to the file where the server will store its
                 process id.

       server:max-request = LIMIT
		 Max  number  of  concurrent  requests	allowed.  Default is 0
		 (zero) which means "no limit".

       protocol:extensions = ON/OFF
		 Enable/disable the nonstandard protocol extensions (  VERSION
		 and QUIT currently). Default: off

       protocol:multiquery = ON/OFF
		 Enable/disable	 the  multiple queries per connection feature.
		 Default: off

       protocol:timeout = SECONDS
		 Max number of seconds since connection or  last  request.  If
		 set  to  0 (zero), no timeout will be used. Default: 120 sec‐
		 onds.

       kernel:threads = LIMIT
		 Max number of	threads	 doing	kernel	lookups	 concurrently.
		 Default: 8

       kernel:buffers = LIMIT
		 Max number of queued kernel lookup requests. Default: 32

       kernel:attempts = LIMIT
		 Max number of times to retry a kernel lookup in case of fail‐
		 ure.  Default: 5

       result:uid-only = YES/NO
		 Disable uid->username	lookups	 (only	return	uid  numbers).
		 Default: no

       result:noident = ON/OFF
                 Enable/disable checking for the ".noident" file in users'
                 home directories.

       result:charset = CHARSET
		 Define the character set returned in replies.	Default:  "US-
		 ASCII"

       result:opsys = OPSYS
		 Define	 the  operating	 system	 returned in replies. Default:
		 "UNIX"

       result:syslog-level = LEVEL
                 If set to anything other than "none", all request replies
                 will be sent to the syslog service with the specified
                 severity level. Default: none

       result:encrypt = YES/NO
		 Enable encryption of replies. Only available  if  Identd  was
		 built with a DES encryption library.

       encrypt:key-file = PATH
		 Path to the file containing the encryption keys.

       include = PATH
		 Include  (and	parse)	the  contents of another configuration
		 file.
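
       The options above that decide what the daemon discloses and how many
       requests it accepts can be reviewed with a small audit of the
       configuration text. This is an added example, not part of identd; the
       '#' comment syntax, the function names, the sample files and the path
       /etc/identd.local are assumptions of the example.

```python
# Defaults as stated in the man page; options without a stated default are omitted.
DEFAULTS = {
    "server:user": "nobody", "server:max-request": "0",
    "protocol:extensions": "off", "protocol:timeout": "120",
    "result:uid-only": "no",
}
ON = {"on", "yes"}  # the spellings the man page uses for enabled options


def parse_conf(text: str):
    """Parse 'option = value' lines; '#' comments are an assumption."""
    conf, includes = dict(DEFAULTS), []
    for raw in text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip().strip('"')
        if key == "include":
            includes.append(value)  # included files need their own audit
        else:
            conf[key] = value
    return conf, includes


def audit(conf: dict) -> list:
    """Flag settings that widen what the daemon discloses or accepts."""
    def on(key):
        return conf.get(key, "").lower() in ON
    findings = []
    if not on("result:encrypt") and not on("result:uid-only"):
        findings.append("replies carry login names in clear text")
    if not on("result:noident"):
        findings.append("result:noident is not switched on in this file")
    if on("protocol:extensions"):
        findings.append("VERSION extension reveals the daemon version")
    if conf["protocol:timeout"] == "0":
        findings.append("no request timeout")
    if conf["server:max-request"] == "0":
        findings.append("no limit on concurrent requests")
    if conf["server:user"] in ("root", "0"):
        findings.append("daemon does not drop root")
    return findings


# Constructed samples, not shipped defaults.
WEAK = "protocol:extensions = on\nprotocol:timeout = 0  # never time out\n"
HARDENED = ("result:encrypt = yes\nresult:noident = on\n"
            "server:max-request = 64\ninclude = /etc/identd.local\n")
```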

NOTES
       The username (or UID) returned ought to be the login name. However, it
       (probably, for most architecture implementations) is the "real user ID"
       as stored with the process. Thus the UID returned may be different from
       the login name for setuid programs (or those running as root) which
       have done a setuid(3) call, and for their children. For example, it may
       (should?) be wrong for an incoming ftpd; and we are probably interested
       in the running shell, not the telnetd, for an incoming telnet session.
       (But of course identd returns info for outgoing connections, not
       incoming ones.)

FILES
       /etc/identd.conf
	      Contains the default configuration options for identd.

       /etc/identd.pid
	      Contains (if enabled) the process number of the identd daemon.

       /etc/identd.key
              If compiled with DES encryption enabled, the first 1024 bytes of
              this file are used to specify the secret key for encrypting
              replies.

AVAILABILITY
       The daemon is free software. You can redistribute it and/or  modify  it
       as you wish - as long as you don't claim that you wrote it.

       The  source  code  for  the  latest version of the daemon can always be
       FTP'd from one of the following addresses:

       Main site:  ftp://ftp.lysator.liu.se/pub/ident/servers/

       Mirror:	   ftp://ftp.uu.net/networking/ident/servers/

       The author can be contacted at:

       Email:	   Peter Eriksson <pen@lysator.liu.se>

SEE ALSO
       idecrypt(8), ikeygen(8), authuser(3), inetd.conf(5)

				  8 Jan 1999			     identd(1)