IDENTD(8) OpenBSD System Manager's Manual IDENTD(8)NAMEidentd - TCP/IP IDENT protocol server
SYNOPSISidentd [-46deHhlmNnoUv] [-b | -i | -w] [-a address] [-c charset] [-g gid]
[-p port] [-t seconds] [-u uid]
DESCRIPTIONidentd is a server which implements the TCP/IP proposed standard IDENT
user identification protocol as specified in the RFC 1413 document.
identd operates by looking up specific TCP/IP connections and returning
the user name of the process owning the connection.
The options are as follows:
-4 When -b is specified, forces identd to use IPv4 addresses only.
-6 When -b is specified, forces identd to use IPv6 addresses only.
-a address
Specify a local IP address in dotted quad format to bind the
listen socket to if running as a stand-alone daemon. By default
the daemon listens on all local IP addresses.
-b Specify operation as a stand-alone daemon.
-c charset
Specify an optional character set designator to be included in
replies. charset should be a valid character set as described in
the MIME RFC in upper case characters.
-d This flag enables some debugging code that normally should NOT be
enabled since that breaks the protocol and may reveal information
that should not be available to outsiders.
-e Always return ``UNKNOWN-ERROR'' instead of the ``NO-USER'' or
``INVALID-PORT'' errors.
-g gid Specify a group ID number or group name which the identd server
should switch to after binding itself to the TCP/IP port if
running as a stand-alone daemon.
-H Hide information about non existing users (e.g., connections
through NAT) as well as existing users. Implies -h.
-h Hide the actual information about the user by providing an opaque
token instead. This token is entered into the local system logs
so that the administrator can later discover who the real user
was.
-i Tells identd to run as a process started from inetd(8) with the
"nowait" option in the /etc/inetd.conf file. Use of this mode
will make inetd(8) start one identd daemon for each connection
request. This is the default mode of operation.
-l Use syslogd(8) for logging purposes.
-m Allow multiple requests to be processed per session. Each
request is specified one per line and the responses will be
returned one per line. The connection will not be closed until
the client closes its end of the connection. PLEASE NOTE THAT
THIS MODE VIOLATES THE PROTOCOL SPECIFICATION AS IT CURRENTLY
STANDS.
-N When replying with a user name or ID, first check for a file
.noident in the user's home directory. If this file is
accessible, return ``HIDDEN-USER'' instead of the normal USERID
response.
-n Always return UID numbers instead of usernames.
-o Do not reveal operating system type; always return ``OTHER''
instead.
-p port
Specify an alternative port number or service name on which to
listen when running as a stand-alone daemon. Default is "auth"
(113).
-t seconds
Specifies an idle timeout in seconds where a daemon running in
"wait" mode will timeout and exit. The default is no timeout.
-U When replying with a user name or ID, first check for a file
.ident in the user's home directory. If this file is accessible,
return at most 20 characters of the first line of the file
instead of the normal USERID response.
-u uid Specify a user ID number or user name which the identd server
should switch to after binding itself to the TCP/IP port if
running as a stand-alone daemon. identd runs as user "_identd"
by default and falls back to "nobody" if the "_identd" user does
not exist.
-v Log every request to syslog if -l above is specified.
-w Tells identd to run as a process started from inetd(8) with the
"wait" option in the /etc/inetd.conf file. This mode of
operation will start a copy of identd at the first connection
request and then identd will handle subsequent requests.
Previous versions listed this as the preferred mode of operation
due to the initial overhead of parsing the kernel nlist. This
version does not use kmem or nlist parsing, so this reasoning is
no longer valid.
SEE ALSOinetd.conf(5)NOTESidentd uses the LOG_DAEMON syslogd(8) facility to log messages.
Unlike previous versions of identd, this version uses sysctl(3) to obtain
information from the kernel instead of parsing kmem. This version does
not require privilege beyond what is needed to bind the listen port if
running as a stand-alone daemon.
BUGS
Since identd should typically not be run as a privileged user or group,
.ident files for use when running with the -U flag will need to be world
accessible. The same applies for .noident files when running with the -N
flag.
OpenBSD 4.9 June 6, 2010 OpenBSD 4.9
