Man Linux: Main Page and Category List


       oidentd - TCP/IP IDENT protocol server


       oidentd [options]

       [ -dehiImoqSv ]
       [ -a <host> ]
       [ -c <charset> ]
       [ -C <config file> ]
       [ -f <port> ]
       [ -p <port> ]
       [ -P <host> ]
       [ -o or --other=[<OS string>] ]
       [ -t or --timeout=<seconds> ]
       [ -g or --group=<group|GID> ]
       [ -l or --limit=<number>]
       [ -r or --reply=<string> ]
       [ -u or --user=<username|UID> ]


       oidentd  is  a  server  that  implements the TCP/IP standard IDENT user
       identification protocol as specified in the RFC 1413 document.

       oidentd operates by looking up specific TCP connections  and  returning
       the user name of the process owning the connection.


       -a or --address=<address|hostname>
              Listen  for connections on the specified address. The default is
              to listen for connections on all configured IP addresses.

       -c or --charset=<charset>
              Use the specified alternate charset.

       -C or --config=<config file>
              Use the specified file as the configuration  file.  The  default
              location of the configuration file is /etc/oidentd.conf.

       -d or --debug
              Enable  debugging.  This causes debugging messages to be printed
              via syslog. This option can be useful when trying to track  down
              the cause of failed lookups.

       -e or --error
              Return  "UNKNOWN-ERROR" for all errors, so as not to divulge any
              unnecessary information to remote clients.

       -f or --forward=[<port>]
              When IP masquerading support is enabled,  forward  requests  for
              machines  that  masquerade  through  us to those machines on the
              specified port. If a port is not given,  oidentd  will  use  the
              default  port for the ident service ("auth" or port 113). If the
              forwarded request fails, oidentd will fall back to  reading  the
              /etc/oidentd_masq.conf  file.  In  order for forwarding to work,
              the machine to which the connection is forwarded  must  also  be
              running  oidentd,  and  oidentd  must  be run with the -P switch
              specifying the host that is forwarding the connections.  If  the
              ident daemon on the host to which the connection is forwarded is
              capable of returning a fixed string for any lookup (for example,
              the ident server built in to the mIRC windows IRC client), it is
              not necessary to run oidentd on that host.

       -g or --group=<group|GID>
              Run with specified GID or group.

       -i or --foreground
              Run  interactively,  not  as  a  daemon.  This  is  useful  when
              debugging,  or  when  running  from  a  service  manager such as

       -I or --stdio
              Service only a single client request then exit.  The  client  is
              expected to be already connected via stdin and stdout. This mode
              is useful when running from listener utilities such as inetd(8),
              xinetd(8)  or  tcpserver(8).   This  option  implies  -i (run in
              foreground) also.

       -l or --limit=<number>
              Allow, at most, the specified  number  of  open  connections  at

       -m or --masq
              Enable   support   for   ident   queries   for   masqueraded/NAT
              connections. See oidentd_masq.conf(5) for details on configuring
              support for masqueraded/NAT connections.

       -o or --other=[<string>]
              The  string  specified  will  be  returned  as  the OS string by
              default for all successful ident  lookups.  If  no  argument  is
              given,  "OTHER"  will  be  returned  instead  of the name of the
              operating system. Some requests may  be  interpreted  as  having
              failed  by the client side (with ident in general, not just with
              oidentd), when some other string  is  returned  instead  of  the
              actual name of the operating system.

       -p or --port=<port>
              Listen on the specified port.

       -P or --proxy=<host>
              The  specified  host  acts as a proxy, forwarding connections to
              us. This option must be enabled when connections on the  machine
              on which oidentd is running are masqueraded through another host
              and the host  through  which  the  connections  are  masqueraded
              forwards requests to us.

       -q or --quiet
              Quiet mode; do not log any status messages to syslog.

       -S or --nosyslog
              Log  any  status  messages to stderr, not syslog. This is useful
              for debugging or  integration  with  external  loggers  such  as

       -t or --timeout=<seconds>
              Sets  the  number  of  seconds  to  wait for input from a client
              before closing the connection.

       -u or --user=<user|UID>
              Run with specified username or UID.

       -U or --udb
              Perform lookups in  the  UDB  shared  memory  tables,  both  for
              connections  originating  on  the local host and for masqueraded
              connections. When a match is found, it will be used  instead  of
              the   values  supplied  by  the  operating  system,  for  either
              masqueraded  entries  (with  the  -m   flag)   or   normal   TCP
              connections.  Entries  in  the table which don’t match any local
              user will be returned verbatim. This allows oidentd to cooperate
              with  other  programs  (e.g.  RADIUS servers or proxies) to give
              valid replies for dynamic connections.

       -r or --reply=<string>
              Upon a failed lookup, the specified string will be  returned  to
              the client as if the lookup had succeeded.

       -v or --version
              Display version information and exit.

       -h or --help
              Display options and exit.


              The system-wide configuration file.

              The NAT/IP masquerading mappings.

              Per-user configuration file.


       Ryan McCabe <>


       Solaris lacks IPv6 support and NAT support.


       oidentd.conf(5) oidentd_masq.conf(5)