.\" oidentd.8 - oidentd ident (RFC 1413) implementation. .\" Copyright (c) 2001-2006 Ryan McCabe .\" Copyright (c) 2018 Janik Rabe .\" .\" Permission is granted to copy, distribute and/or modify this document .\" under the terms of the GNU Free Documentation License, Version 1.1 .\" or any later version published by the Free Software Foundation; .\" with the Invariant Sections being no invariant sections, with the .\" Front-Cover Texts being no front-cover texts, and with the Back-Cover .\" Texts being no back-cover texts. A copy of the license is included with .\" this package in the file "COPYING.DOC." .TH oidentd 8 "2019-01-10" "version 2.3.2" .SH NAME oidentd \- TCP/IP Ident protocol server .SH SYNOPSIS .BI "oidentd [options]" .sp .B [ \-dehiImoqSv ] .br .B [ \-a ] .br .B [ \-c ] .br .B [ \-C ] .br .B [ \-f ] .br .B [ \-p ] .br .B [ \-P ] .br .B [ \-o or \-\-other=[] ] .br .B [ \-t or \-\-timeout= ] .br .B [ \-g or \-\-group= ] .br .B [ \-l or \-\-limit=] .br .B [ \-r or \-\-reply= ] .br .B [ \-u or \-\-user= ] .SH DESCRIPTION \fBoidentd\fP is a server that implements the Identification Protocol as specified in RFC 1413. .PP \fBoidentd\fP operates by looking up specific TCP connections and returning the user name of the process owning the connection. .SH OPTIONS .TP .B "\-a or \-\-address=" Listen for connections on the specified address. If this option is specified multiple times, \fBoidentd\fP will listen on all specified IP addresses. The default is to listen for connections on all configured IP addresses. .TP .B "\-c or \-\-charset=" Use the specified alternate charset. .TP .B "\-C or \-\-config=" Use the specified file as the configuration file. The default location of the configuration file is \fB/etc/oidentd.conf\fP. .TP .B "\-d or \-\-debug" Enable debugging. This causes debugging messages to be printed via syslog. This option can be useful when trying to track down the cause of failed lookups. Note that this option is only available if \fBoidentd\fP has been compiled with the \fB--enable-debug\fP flag. .TP .B "\-e or \-\-error" Return "UNKNOWN-ERROR" for all errors, so as not to divulge any unnecessary information to remote clients. .TP .B "\-f or \-\-forward=[]" When IP masquerading support is enabled, forward requests for machines that masquerade through us to those machines on the specified port. If a port is not given, \fBoidentd\fP will use the default port for the ident service ("auth" or port 113). If the forwarded request fails, \fBoidentd\fP will fall back to reading the \fB/etc/oidentd_masq.conf\fP file. In order for forwarding to work, the machine to which the connection is forwarded must also be running \fBoidentd\fP, and \fBoidentd\fP must be run with the \fB-P\fP switch specifying the host that is forwarding the connections. If the ident daemon on the host to which the connection is forwarded is capable of returning a fixed string for any lookup (for example, the ident server built in to the mIRC windows IRC client), it is not necessary to run \fBoidentd\fP on that host. This option implies \fB--masquerade\fP. .TP .B "\-g or \-\-group=" Run as the specified group or GID. If this option is not given, \fBoidentd\fP falls back to running as \fIoidentd\fP, \fInobody\fP, \fInogroup\fP, or GID \fI65534\fP, in this order. On systems where \fBoidentd\fP requires superuser privileges, a warning is displayed and the group is not changed implicitly. .TP .B "\-i or \-\-foreground" Run interactively, not as a daemon. This is useful for debugging, or when running from a service manager such as daemontools. .TP .B "\-I or \-\-stdio" Service only a single client request, then exit. The client is expected to already be connected via stdin and stdout. This mode is useful when running from listener utilities such as .BR inetd (8), .BR xinetd (8) or .BR tcpserver (8). This option implies \fB-i\fP (run in foreground) also. .TP .B "\-l or \-\-limit=" Allow, at most, the specified number of open connections at once. .TP .B "\-m or \-\-masquerade" Enable support for ident queries for masqueraded/NAT connections. See .BR oidentd_masq.conf (5) for details on configuring support for masqueraded/NAT connections. .TP .B "\-M or \-\-masquerade-first" Check IP masquerading file before forwarding. .TP .B "\-o or \-\-other=[]" The string specified will be returned as the OS string by default for all successful ident lookups. If no argument is given, "OTHER" will be returned instead of the name of the operating system. The client side (with ident in general, not just with \fBoidentd\fP) may interpret some requests as having failed when some other string is returned instead of the name of the actual operating system. .TP .B "\-p or \-\-port=" Listen on the specified port. .TP .B "\-P or \-\-proxy=" The specified host acts as a proxy, forwarding connections to us. This option must be enabled when connections on the machine on which \fBoidentd\fP is running are masqueraded through another host and the host through which the connections are masqueraded forwards requests to us. .TP .B "\-q or \-\-quiet" Quiet mode; do not log any status messages to syslog. .TP .B "\-S or \-\-nosyslog" Log any status messages to stderr, not syslog. This is useful for debugging or integration with external loggers such as .BR multilog (8). .TP .B "\-t or \-\-timeout=" Sets the number of seconds to wait for input from a client before closing the connection. .TP .B "\-u or \-\-user=" Run as the specified user or UID. If this option is not given, \fBoidentd\fP falls back to running as \fIoidentd\fP, \fInobody\fP, or UID \fI65534\fP, in this order. On systems where \fBoidentd\fP requires superuser privileges, a warning is displayed and the user is not changed implicitly. .TP .B "\-U or \-\-udb" Perform lookups in the UDB shared memory tables, both for connections originating on the local host and for masqueraded connections. When a match is found, it will be used instead of the values supplied by the operating system, for either masqueraded entries (with the \fB-m\fP flag) or normal TCP connections. Entries in the table which don't match any local user will be returned verbatim. This allows \fBoidentd\fP to cooperate with other programs (e.g. RADIUS servers or proxies) to give valid replies for dynamic connections. .TP .B "\-r or \-\-reply=" Upon a failed lookup, the specified string will be returned to the client as if the lookup had succeeded. .TP .B "\-v or \-\-version" Display version information and exit. .TP .B "\-h or \-\-help" Display options and exit. .SH FILES .TP .B /etc/oidentd.conf The system-wide configuration file. .TP .B /etc/oidentd_masq.conf The NAT/IP masquerading mappings. .TP .B $HOME/.oidentd.conf Per-user configuration file. .SH AUTHOR Janik Rabe .br https://oidentd.janikrabe.com .PP Originally written by Ryan McCabe . .SH REPORTING BUGS Please report any bugs to Janik Rabe . .SH "SEE ALSO" .BR oidentd.conf (5) .BR oidentd_masq.conf (5)