IDENTD(8) IDENTD(8)
NAME
identd - TCP/IP IDENT protocol server
SYNOPSIS
identd [-i|-w|-b] [-t<seconds>] [-u<uid>] [-g<gid>] [-p<port>] [-a<address>] [-c<charset>] [-n] [-o] [-e] [-l] [-V] [-v] [-m] [-N] [-d] [kernelfile[kmemfile]]
DESCRIPTION
identd is a server which implements the TCP/IP proposed standard IDENT user identification protocol as specified in the RFC 1413 document. identd operates by looking up specific TCP/IP connections and returning the user name of the process owning the con- nection.
ARGUMENTS
The -i flag, which is the default mode, should be used when starting the daemon from inetd with the "nowait" option in the /etc/inetd.conf file. Use of this mode will make inetd start one identd daemon for each connection request. The -w flag should be used when starting the daemon from inetd with the "wait" option in the /etc/inetd.conf file . This is the prefered mode of operation since that will start a copy of identd at the first connection request and then identd will handle subsequent requests without having to do the nlist lookup in the kernel file for every request as in the -i mode above. The identd daemon will run either forever, until a bug makes it crash or a time- out, as specified by the -t flag, occurs. The -b flag can be used to make the daemon run in stan- dalone mode without the assistance from inetd. This mode is the least prefered mode since a bug or any other fatal condition in the server will make it terminate and it will then have to be restarted manually. Other than that is has the same advantage as the -w mode in that it parses the nlist only once. The -t<seconds> option is used to specify the timeout limit. This is the number of seconds a server started with the -w flag will wait for new connections before terminat- ing. The server is automatically restarted by inetd when- ever a new connection is requested if it has terminated. A suitable value for this is 120 (2 minutes), if used. It defaults to no timeout (ie, will wait forever, or until a fatal condition occurs in the server). The -u<uid> option is used to specify a user id number which the ident server should switch to after binding itself to the TCP/IP port if using the -b mode of 27 May 1992 1 IDENTD(8) IDENTD(8) operation. The -g<gid> option is used to specify a group id number which the ident server should switch to after binding itself to the TCP/IP port if using the -b mode of opera- tion. The -p<port> option is used to specify an alternative port number to bind to if using the -b mode of operation. It can be specified by name or by number. Defaults to the IDENT port (113). The -a<address> option is used to specify the local address to bind the socket to if using the -b mode of operation. Can only be specified by IP address and not by domain name. Defaults to the INADDR_ANY address which nor- mally means all local addresses. The -V flag makes identd display the version number and the exit. The -l flag tells identd to use the System logging daemon syslogd for logging purposes. The -v flag causes identd to log every request made, if the use of syslogd is enabled. The -o flag tells identd to not reveal the operating sys- tem type it is run on and to instead always return "OTHER". The -e flag tells identd to always return "UNKNOWN-ERROR" instead of the "NO-USER" or "INVALID-PORT" errors. The -c<charset> flags tells identd to add the optional (according to the IDENT protocol) character set designator to the reply generated. <charset> should be a valid char- acter set as described in the MIME RFC in upper case char- acters. The -n flags tells identd to always return user numbers instead of user names if you wish to keep the user names a secret. The -N flag makes identd check for a file ".noident" in each homedirectory for a user which the daemon is about to return the user name for. It that file exists then the daemon will give the error HIDDEN-USER instead of the nor- mal USERID response. -m flag makes identd use a mode of operation that will allow multiple requests to be processed per session. Each request is specified one per line and the responses will be returned one per line. The connection will not be 27 May 1992 2 IDENTD(8) IDENTD(8) closed until the connecting part closes it's end of the line. PLEASE NOTE THAT THIS MODE VIOLATES THE PROTOCOL SPECIFICATION AS IT CURRENTLY STANDS. The -d flag enables some debugging code that normally should NOT be enabled since that breaks the protocol and may reveal information that should not be available to outsiders. kernelfile defaults to the normally running kernel file. kmemfile defaults to the memory space of the normally run- ning kernel.
SEE ALSO
inetd.conf(5)
NOTES
Identd uses the LOG_DAEMON syslogd(8) facility to log mes- sages. This is the correct thing to do since LOG_AUTH is supposed to be used by authorization related programs, not authentication related ones such as identd.
BUGS
The handling of fatal errors could be better. If the -N flag is specified and a user's ".noident" file is not accessible, then ident information regarding that user will be returned if requested. 27 May 1992 3
Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.