oidentd - TCP/IP IDENT protocol server
[ -dehiImoqSv ]
[ -a <host> ]
[ -c <charset> ]
[ -C <config file> ]
[ -f <port> ]
[ -p <port> ]
[ -P <host> ]
[ -o or --other=[<OS string>] ]
[ -t or --timeout=<seconds> ]
[ -g or --group=<group|GID> ]
[ -l or --limit=<number>]
[ -r or --reply=<string> ]
[ -u or --user=<username|UID> ]
oidentd is a server that implements the TCP/IP standard IDENT user
identification protocol as specified in the RFC 1413 document.
oidentd operates by looking up specific TCP connections and returning
the user name of the process owning the connection.
-a or --address=<address|hostname>
Listen for connections on the specified address. The default is
to listen for connections on all configured IP addresses.
-c or --charset=<charset>
Use the specified alternate charset.
-C or --config=<config file>
Use the specified file as the configuration file. The default
location of the configuration file is /etc/oidentd.conf.
-d or --debug
Enable debugging. This causes debugging messages to be printed
via syslog. This option can be useful when trying to track down
the cause of failed lookups.
-e or --error
Return "UNKNOWN-ERROR" for all errors, so as not to divulge any
unnecessary information to remote clients.
-f or --forward=[<port>]
When IP masquerading support is enabled, forward requests for
machines that masquerade through us to those machines on the
specified port. If a port is not given, oidentd will use the
default port for the ident service ("auth" or port 113). If the
forwarded request fails, oidentd will fall back to reading the
/etc/oidentd_masq.conf file. In order for forwarding to work,
the machine to which the connection is forwarded must also be
running oidentd, and oidentd must be run with the -P switch
specifying the host that is forwarding the connections. If the
ident daemon on the host to which the connection is forwarded is
capable of returning a fixed string for any lookup (for example,
the ident server built in to the mIRC windows IRC client), it is
not necessary to run oidentd on that host.
-g or --group=<group|GID>
Run with specified GID or group.
-i or --foreground
Run interactively, not as a daemon. This is useful when
debugging, or when running from a service manager such as
-I or --stdio
Service only a single client request then exit. The client is
expected to be already connected via stdin and stdout. This mode
is useful when running from listener utilities such as inetd(8),
xinetd(8) or tcpserver(8). This option implies -i (run in
-l or --limit=<number>
Allow, at most, the specified number of open connections at
-m or --masq
Enable support for ident queries for masqueraded/NAT
connections. See oidentd_masq.conf(5) for details on configuring
support for masqueraded/NAT connections.
-o or --other=[<string>]
The string specified will be returned as the OS string by
default for all successful ident lookups. If no argument is
given, "OTHER" will be returned instead of the name of the
operating system. Some requests may be interpreted as having
failed by the client side (with ident in general, not just with
oidentd), when some other string is returned instead of the
actual name of the operating system.
-p or --port=<port>
Listen on the specified port.
-P or --proxy=<host>
The specified host acts as a proxy, forwarding connections to
us. This option must be enabled when connections on the machine
on which oidentd is running are masqueraded through another host
and the host through which the connections are masqueraded
forwards requests to us.
-q or --quiet
Quiet mode; do not log any status messages to syslog.
-S or --nosyslog
Log any status messages to stderr, not syslog. This is useful
for debugging or integration with external loggers such as
-t or --timeout=<seconds>
Sets the number of seconds to wait for input from a client
before closing the connection.
-u or --user=<user|UID>
Run with specified username or UID.
-U or --udb
Perform lookups in the UDB shared memory tables, both for
connections originating on the local host and for masqueraded
connections. When a match is found, it will be used instead of
the values supplied by the operating system, for either
masqueraded entries (with the -m flag) or normal TCP
connections. Entries in the table which don’t match any local
user will be returned verbatim. This allows oidentd to cooperate
with other programs (e.g. RADIUS servers or proxies) to give
valid replies for dynamic connections.
-r or --reply=<string>
Upon a failed lookup, the specified string will be returned to
the client as if the lookup had succeeded.
-v or --version
Display version information and exit.
-h or --help
Display options and exit.
The system-wide configuration file.
The NAT/IP masquerading mappings.
Per-user configuration file.
Ryan McCabe <email@example.com>
Solaris lacks IPv6 support and NAT support.