Provided by: oidentd_2.0.8-4_amd64 bug


       oidentd - TCP/IP IDENT protocol server


       oidentd [options]

       [ -dehiImoqSv ]
       [ -a <host> ]
       [ -c <charset> ]
       [ -C <config file> ]
       [ -f <port> ]
       [ -p <port> ]
       [ -P <host> ]
       [ -o or --other=[<OS string>] ]
       [ -t or --timeout=<seconds> ]
       [ -g or --group=<group|GID> ]
       [ -l or --limit=<number>]
       [ -r or --reply=<string> ]
       [ -u or --user=<username|UID> ]


       oidentd is a server that implements the TCP/IP standard IDENT user identification protocol
       as specified in the RFC 1413 document.

       oidentd operates by looking up specific TCP connections and returning the user name of the
       process owning the connection.


       -a or --address=<address|hostname>
              Listen  for  connections  on  the  specified  address. The default is to listen for
              connections on all configured IP addresses.

       -c or --charset=<charset>
              Use the specified alternate charset.

       -C or --config=<config file>
              Use the specified file as the configuration  file.  The  default  location  of  the
              configuration file is /etc/oidentd.conf.

       -d or --debug
              Enable  debugging.  This  causes  debugging messages to be printed via syslog. This
              option can be useful when trying to track down the cause of failed lookups.

       -e or --error
              Return "UNKNOWN-ERROR" for all  errors,  so  as  not  to  divulge  any  unnecessary
              information to remote clients.

       -f or --forward=[<port>]
              When  IP  masquerading  support  is  enabled,  forward  requests  for machines that
              masquerade through us to those machines on the specified port. If  a  port  is  not
              given,  oidentd  will  use  the  default port for the ident service ("auth" or port
              113). If the forwarded request  fails,  oidentd  will  fall  back  to  reading  the
              /etc/oidentd_masq.conf  file. In order for forwarding to work, the machine to which
              the connection is forwarded must also be running oidentd, and oidentd must  be  run
              with  the  -P switch specifying the host that is forwarding the connections. If the
              ident daemon on the host to  which  the  connection  is  forwarded  is  capable  of
              returning  a fixed string for any lookup (for example, the ident server built in to
              the mIRC windows IRC client), it is not necessary to run oidentd on that host.

       -g or --group=<group|GID>
              Run with specified GID or group.

       -i or --foreground
              Run interactively, not as a daemon. This is useful when debugging, or when  running
              from a service manager such as daemontools.

       -I or --stdio
              Service  only  a  single  client  request  then  exit. The client is expected to be
              already connected via stdin and stdout. This  mode  is  useful  when  running  from
              listener  utilities  such  as  inetd(8),  xinetd(8)  or  tcpserver(8).  This option
              implies -i (run in foreground) also.

       -l or --limit=<number>
              Allow, at most, the specified number of open connections at once.

       -m or --masq
              Enable  support  for   ident   queries   for   masqueraded/NAT   connections.   See
              oidentd_masq.conf(5)   for  details  on  configuring  support  for  masqueraded/NAT

       -o or --other=[<string>]
              The string specified will  be  returned  as  the  OS  string  by  default  for  all
              successful ident lookups. If no argument is given, "OTHER" will be returned instead
              of the name of the operating system. Some requests may  be  interpreted  as  having
              failed by the client side (with ident in general, not just with oidentd), when some
              other string is returned instead of the actual name of the operating system.

       -p or --port=<port>
              Listen on the specified port.

       -P or --proxy=<host>
              The specified host acts as a proxy, forwarding connections to us. This option  must
              be  enabled  when  connections  on  the  machine  on  which  oidentd is running are
              masqueraded through another host and the host through  which  the  connections  are
              masqueraded forwards requests to us.

       -q or --quiet
              Quiet mode; do not log any status messages to syslog.

       -S or --nosyslog
              Log  any  status  messages  to  stderr, not syslog. This is useful for debugging or
              integration with external loggers such as multilog(8).

       -t or --timeout=<seconds>
              Sets the number of seconds to wait for input  from  a  client  before  closing  the

       -u or --user=<user|UID>
              Run with specified username or UID.

       -U or --udb
              Perform  lookups  in the UDB shared memory tables, both for connections originating
              on the local host and for masqueraded connections. When a match is found,  it  will
              be  used  instead  of  the  values  supplied  by  the  operating system, for either
              masqueraded entries (with the -m flag) or normal TCP connections.  Entries  in  the
              table  which  don't  match  any  local  user will be returned verbatim. This allows
              oidentd to cooperate with other programs (e.g. RADIUS servers or proxies)  to  give
              valid replies for dynamic connections.

       -r or --reply=<string>
              Upon a failed lookup, the specified string will be returned to the client as if the
              lookup had succeeded.

       -v or --version
              Display version information and exit.

       -h or --help
              Display options and exit.


              The system-wide configuration file.

              The NAT/IP masquerading mappings.

              Per-user configuration file.


       Ryan McCabe <>


       Solaris lacks IPv6 support and NAT support.


       oidentd.conf(5) oidentd_masq.conf(5)