identd - TCP/IP IDENT protocol server


   identd [options]


   Identd  is a server which implements the TCP/IP proposed standard IDENT
   user identification protocol as specified in the RFC 1413 document.

   identd operates by looking up specific TCP/IP connections and returning
   the  user name of the process owning the connection.  It can optionally
   return other information instead of a user name.


   -h        Display the available command line options.

   -V        Displays the version and OS version it was compiled for,  and
             then exit.

   -d        Enables extra debugging messages.

   -C<file>  Directs identd to parse additional configuration options from
             the file specified.

   -i        May be used when  starting  the  daemon  by  inetd  with  the
             "nowait" option (see below).

   -w        May be used when starting the daemon by inetd with the "wait"
             option (see below).

   -I        May be used when the daemon is started by init (see below).

   -b        flag may be used to make the daemon run  in  standalone  mode
             (see below).

   -u<user>  Used  to  specify  a  user number or name to which the server
             should switch to after binding itself to the TCP/IP port  and
             opening the kernel devices.

   -g<group> Used  to  specify  a  group  number  or name which the server
             should switch to after binding itself to the TCP/IP port  and
             opening the kernel devices.

   -p<port>  Used  to  specify  an  alternative  TCP  port  to bind to, if
             running as a standalone daemon or  started  by  init  Can  be
             specified  by  name  or by number. Defaults to the IDENT port

   -t<limit> Used to specify  the  request  timeout  limit.  This  is  the
             maximum  number  of  seconds  a  server  will  allow a client
             connection to be active before terminating it. It defaults to
             120 seconds.

             Specify the location of a file to store the process number of
             the Identd daemon.

             Control the number of threads to use for kernel lookups

             Set the syslog facility to use instead of 'daemon'.

   -o        Directs identd  to  return  OTHER  instead  of  UNIX  as  the
             "operating system".

   -E        Enables  DES  encryption  of the returned data (see below for
             more information).

   -n        Directs identd to always return user numbers instead of  user
             names  (for  example  if  you  wish  to keep the user names a

   -N        Directs identd to check for a file ".noident"  in  each  home
             directory  for  the  user which the daemon is about to return
             the user name for. If that file exists then the  daemon  will
             give  the  error  HIDDEN-USER  instead  of  the normal USERID

   -e        Enables certain non-standard protocol  extensions.  Currently
             defined extensions include the requests VERSION to return the
             Ident daemon version and QUIT to terminate a session  (useful
             in conjunction with the -m option).

   -m        Enables  identd  to  use  a mode of operation that will allow
             multiple requests to be processed per session.  Each  request
             is  specified one per line and the responses will be returned
             one per line. The connection will not  be  closed  until  the
             connecting part closes it's end of the line.


   The preferred way to start identd depends on how it was built.

   If  it  was  built  with  support  for multithreading then it should be
   started either from init , as a standalone daemon or from  inetd  using
   the "wait" mode (if your inetd supports it!)

   If  it  was  built without support for multithreading then it should be
   started from inetd using the normal  "nowait"  mode  for  "stream  tcp"
   services. (The main reason being that it will be single-threaded, so it
   will only serve one client connection at a time).

   identd normally will autodetect how it was invoked so there normally is
   no need to use the four command line switches (-i, -w, -I, -b).


   DES  encryption  is only available if the daemon was built with support
   for it enabled.

   An encryption key (1024 bytes long) should be stored in the key file  (
   /etc/identd.key  ) and it should be generated using a cryptographically
   safe random generator in order to be really safe. It should not contain
   any  NUL  (0x00)  characters since this is used as a string to generate
   the real binary DES key.

   This file may contain multiple 1024 byte long keys, and the server will
   use the last key stored in that file.

   The  returned  token will contain the local and remote IP addresses and
   TCP port numbers, the local user's uid number, a  timestamp,  a  random
   number,  and a checksum - all encrypted using DES. The encrypted binary
   information is then encoded in a BASE64 string (32 characters long) and
   enclosed  in  square brackets to produce a token that is transmitted to
   the remote client.

   The encrypted token can later be decrypted  by  the  idecrypt  command.
   This  program  will attempt to decrypt a token with all the keys stored
   in the key file until it succeeds (or have tried all the keys).


   The configuration file contains a list of option=value pairs.

   syslog:facility = FACILITY
             Set which facility to use when sending syslog messages.   See
             syslog.conf(5) for more information.

   server:user = USER
             Set  what  user  (and  group,  from  the passwd database) the
             daemon should run as after  it  has  opened  all  the  kernel
             handles. (Default: nobody)

   server:group = GROUP
             Override the group id (as set by the server:user option).

   server:port = PORT
             Set  what  TCP/IP port the daemon should listen to. (Default:

   server:backlog = LIMIT
             Set the size of the server listen() backlog limit.

   server:pid-file = PATH
             Set the path to the file where the  server  will  store  it's
             process id.

   server:max-request = LIMIT
             Max  number  of  concurrent  requests  allowed.  Default is 0
             (zero) which means "no limit".

   protocol:extensions = ON/OFF
             Enable/disable the nonstandard protocol extensions (  VERSION
             and QUIT currently). Default: off

   protocol:multiquery = ON/OFF
             Enable/disable  the  multiple queries per connection feature.
             Default: off

   protocol:timeout = SECONDS
             Max number of seconds since connection or  last  request.  If
             set  to  0  (zero),  no  timeout  will  be used. Default: 120

   kernel:threads = LIMIT
             Max number of  threads  doing  kernel  lookups  concurrently.
             Default: 8

   kernel:buffers = LIMIT
             Max number of queued kernel lookup requests. Default: 32

   kernel:attempts = LIMIT
             Max  number  of  times  to  retry  a kernel lookup in case of
             failure.  Default: 5

   result:uid-only = YES/NO
             Disable uid->username  lookups  (only  return  uid  numbers).
             Default: no

   result:noident = ON/OFF
             Enable/disable  checking  for  the   ".noident" file in users
             home directories.

   result:charset = CHARSET
             Define the character set returned in replies.  Default:  "US-

   result:opsys = OPSYS
             Define  the  operating  system  returned in replies. Default:

   result:syslog-level = LEVEL
             If set to anything other than "none", all  requested  replies
             will  be  sent  to  the  syslog  service  with  the specified
             severity level.  See  syslog.conf(5)  for  more  information.
             Default: none

   result:encrypt = YES/NO
             Enable  encryption  of  replies. Only available if Identd was
             built with a DES encryption library.

   encrypt:key-file = PATH
             Path to the file containing the encryption keys.

   include = PATH
             Include (and parse) the  contents  of  another  configuration


   The  username  (or UID) returned ought to be the login name. However it
   (probably, for most architecture implementations) is the "real user ID"
   as stored with the process. Thus the UID returned may be different from
   the login name for setuid programs (or those running as root) which has
   done a setuid(3) call and their children. For example, it may (should?)
   be wrong for an incoming ftpd ; and we are probably interested  in  the
   running  shell, not the telnetd for an incoming telnet session. (But of
   course identd returns  info  for  outgoing  connections,  not  incoming


          Contains the default configuration options for identd.

          If compiled with DES encryption enabled, the 1024 first bytes of
          this file is used to  specify  the  secret  key  for  encrypting

          Contains (if enabled) the process number of the identd daemon.


   The  daemon  is free software. You can redistribute it and/or modify it
   as you wish - as long as you don't claim that you wrote it.

   The source code for the latest version of  the  daemon  can  always  be
   FTP'd from one of the following addresses:

   Main site:


   The author can be contacted at:

   Email:      Peter Eriksson <>


   idecrypt(8) , ikeygen(8) , inetd.conf(5) ,

                              8 Jan 1999                         identd(8)


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.

Free Software

Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.

Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.

Free Books

The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.

Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.

Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.