bionic (8) oidentd.8.gz

Provided by: oidentd_2.0.8-10_amd64 bug

NAME

       oidentd - TCP/IP IDENT protocol server

SYNOPSIS

       oidentd [options]

       [ -dehiImoqSv ]
       [ -a <host> ]
       [ -c <charset> ]
       [ -C <config file> ]
       [ -f <port> ]
       [ -p <port> ]
       [ -P <host> ]
       [ -o or --other=[<OS string>] ]
       [ -t or --timeout=<seconds> ]
       [ -g or --group=<group|GID> ]
       [ -l or --limit=<number>]
       [ -r or --reply=<string> ]
       [ -u or --user=<username|UID> ]

DESCRIPTION

       oidentd  is  a server that implements the TCP/IP standard IDENT user identification protocol as specified
       in the RFC 1413 document.

       oidentd operates by looking up specific TCP connections and returning the user name of the process owning
       the connection.

OPTIONS

       -a or --address=<address|hostname>
              Listen  for  connections on the specified address. The default is to listen for connections on all
              configured IP addresses.

       -c or --charset=<charset>
              Use the specified alternate charset.

       -C or --config=<config file>
              Use the specified file as the configuration file. The default location of the  configuration  file
              is /etc/oidentd.conf.

       -d or --debug
              Enable  debugging.  This  causes  debugging  messages to be printed via syslog. This option can be
              useful when trying to track down the cause of failed lookups.

       -e or --error
              Return "UNKNOWN-ERROR" for all errors, so as not to divulge any unnecessary information to  remote
              clients.

       -f or --forward=[<port>]
              When  IP masquerading support is enabled, forward requests for machines that masquerade through us
              to those machines on the specified port. If a port is not given, oidentd will use the default port
              for the ident service ("auth" or port 113). If the forwarded request fails, oidentd will fall back
              to reading the /etc/oidentd_masq.conf file. In order for forwarding to work, the machine to  which
              the  connection  is  forwarded  must  also be running oidentd, and oidentd must be run with the -P
              switch specifying the host that is forwarding the connections. If the ident daemon on the host  to
              which  the  connection  is  forwarded  is  capable of returning a fixed string for any lookup (for
              example, the ident server built in to the mIRC windows IRC client), it is  not  necessary  to  run
              oidentd on that host.

       -g or --group=<group|GID>
              Run with specified GID or group.

       -i or --foreground
              Run  interactively, not as a daemon. This is useful when debugging, or when running from a service
              manager such as daemontools.

       -I or --stdio
              Service only a single client request then exit. The client is expected to be already connected via
              stdin  and  stdout.  This  mode  is  useful when running from listener utilities such as inetd(8),
              xinetd(8) or tcpserver(8).  This option implies -i (run in foreground) also.

       -l or --limit=<number>
              Allow, at most, the specified number of open connections at once.

       -m or --masq
              Enable support for ident queries for masqueraded/NAT  connections.  See  oidentd_masq.conf(5)  for
              details on configuring support for masqueraded/NAT connections.

       -o or --other=[<string>]
              The  string  specified  will  be  returned  as  the  OS string by default for all successful ident
              lookups. If no argument is given, "OTHER" will be returned instead of the name  of  the  operating
              system.  Some  requests  may  be  interpreted  as  having failed by the client side (with ident in
              general, not just with oidentd), when some other string is returned instead of the actual name  of
              the operating system.

       -p or --port=<port>
              Listen on the specified port.

       -P or --proxy=<host>
              The specified host acts as a proxy, forwarding connections to us. This option must be enabled when
              connections on the machine on which oidentd is running are masqueraded through  another  host  and
              the host through which the connections are masqueraded forwards requests to us.

       -q or --quiet
              Quiet mode; do not log any status messages to syslog.

       -S or --nosyslog
              Log  any  status  messages to stderr, not syslog. This is useful for debugging or integration with
              external loggers such as multilog(8).

       -t or --timeout=<seconds>
              Sets the number of seconds to wait for input from a client before closing the connection.

       -u or --user=<user|UID>
              Run with specified username or UID.

       -U or --udb
              Perform lookups in the UDB shared memory tables, both for connections  originating  on  the  local
              host and for masqueraded connections. When a match is found, it will be used instead of the values
              supplied by the operating system, for either masqueraded entries (with the -m flag) or normal  TCP
              connections. Entries in the table which don't match any local user will be returned verbatim. This
              allows oidentd to cooperate with other programs (e.g. RADIUS servers or  proxies)  to  give  valid
              replies for dynamic connections.

       -r or --reply=<string>
              Upon  a  failed  lookup,  the specified string will be returned to the client as if the lookup had
              succeeded.

       -v or --version
              Display version information and exit.

       -h or --help
              Display options and exit.

FILES

       /etc/oidentd.conf
              The system-wide configuration file.

       /etc/oidentd_masq.conf
              The NAT/IP masquerading mappings.

       $HOME/.oidentd.conf
              Per-user configuration file.

AUTHOR

       Ryan McCabe <ryan@numb.org>
       http://dev.ojnk.net

BUGS

       Solaris lacks IPv6 support and NAT support.

SEE ALSO

       oidentd.conf(5) oidentd_masq.conf(5)