IDENTD(8) | System Manager's Manual | IDENTD(8) |
identd
—
identd [-46beIilNnr] [-a address] [-c charset] [-F format] [-f username] [-g uid] [-L username] [-m filter] [-o osname] [-P address] [-p portno] [-t seconds] [-u uid]
identd is a TCP/IP server which implements the user identification protocol as specified in RFC 1413. identd operates by looking up specific TCP/IP connections and returning information which may or may not be associated with the process owning the connection.
The following options are available:
-4
        -b).
-6
        -b).
-a address
        identd will resolve it to an address (or addresses) and will bind this address (valid with flag -b).
-b
-c charset
-e
-F format
        %u  print user name
        %U  print user number
        %g  print (primary) group name
        %G  print (primary) group number
        %l  print list of all groups by name
        %L  print list of all groups by number
        The lists of groups (%l, %L) are comma-separated, and start with the primary group which is not repeated. Any other characters (preceded by %, and those not preceded by it) are printed literally.
-f username
-g gid
-I
        -i but without the restriction that the username in .ident must not match an existing user.
-i
-L username
        identd will return this name for all valid ident requests.
-l
-m filter
        identd changes the ident queries to use the local port on the NAT host instead of the local port on the forwarding host. This is needed because otherwise we can't do a lookup on the proxy host. On the proxy host, “proxy mode” should be enabled with the -P flag or “lying mode” with the -L flag.
-N
-n
-o osname
-P address
        -m flag how this operates.
-p portno
        -b).
-r
        -n flag is also enabled then a random number will be returned.
-t seconds
-u uid

identd operates from inetd(8) or as standalone daemon.
Put the following lines into inetd.conf(5) to enable identd as an IPv4 and IPv6 service via inetd:
ident stream tcp nowait nobody /usr/libexec/identd identd -l
ident stream tcp6 nowait nobody /usr/libexec/identd identd -l
To run identd as standalone daemon, use the -b flag.
identd is written by Peter Postma ⟨peter@NetBSD.org⟩.
identd should typically not be run as a privileged user or group. As a consequence, .ident files used when running with the -I or -i flags will need to be world accessible. The same applies for .noident files when running with the -N flag.
When forwarding is enabled with the -m flag then identd will need access to either /dev/ipnat (ipfilter), /dev/pf (pf), or /dev/npf. Since it's not a good idea to run identd under root, you'll need to adjust group owner/permissions to the device(s) and run identd under that group.
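The two points above (no privileged user, and a dedicated group for NAT device access when -m is used) can be checked against the ident entries in inetd.conf. The script below is an added example, not part of identd; it assumes the `user[:group]` field layout described in inetd.conf(5), and the group name `_identnat`, the filter name `pf` and every sample line except the first are constructed.

```shell
#!/bin/sh
# Added example (not from identd): audit "ident" entries in inetd.conf-format
# text read from stdin. Assumed field layout, per inetd.conf(5):
#   service socket proto wait user[:group] program argv0 args...
audit_ident() {
    awk '
    /^[ \t]*#/ || NF < 7 { next }      # skip comments, blank and short lines
    $1 != "ident"        { next }      # only the ident service matters here
    {
        n = split($5, ug, ":")         # ug[1] = user, ug[2] = optional group
        fwd = 0
        # $7 is argv[0]; real options start at $8. -m may be clustered after
        # the argument-less flags from the synopsis, e.g. "-lm filter".
        for (i = 8; i <= NF; i++)
            if ($i ~ /^-[46beIilNnr]*m/) fwd = 1
        if (ug[1] == "root")
            printf "FAIL line %d: identd runs as root\n", NR
        if (fwd && n < 2)
            printf "WARN line %d: -m without explicit group; device access depends on primary group of %s\n", NR, ug[1]
        if (fwd && n >= 2)
            printf "INFO line %d: group %s needs access to the NAT device\n", NR, ug[2]
    }'
}

# Constructed sample input; the first entry is the one shown on this page.
# The filter name "pf" is assumed from the page's "/dev/pf (pf)".
sample_conf() {
    cat <<'EOF'
# constructed sample
ident stream tcp  nowait nobody /usr/libexec/identd identd -l
ident stream tcp6 nowait root /usr/libexec/identd identd -l
ident stream tcp  nowait nobody /usr/libexec/identd identd -l -m pf
ident stream tcp  nowait nobody:_identnat /usr/libexec/identd identd -lm pf
EOF
}

sample_conf | audit_ident
```

On a real host, run it as `audit_ident < /etc/inetd.conf`, then confirm with `ls -l` that the group it reports owns the NAT device and that the device is not world accessible.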
December 9, 2016 | NetBSD 9.4 |