identd(8)
NAME
identd - TCP/IP IDENT protocol server
SYNOPSIS
identd [options]
DESCRIPTION
Identd is a server which implements the TCP/IP proposed standard IDENT user identification protocol as specified in the RFC 1413 document. identd operates by looking up specific TCP/IP connections and returning the user name of the process owning the connection. It can optionally return other information instead of a user name.
OPTIONS
-h Display the available command line options.
-V Displays the version and OS version it was compiled for, and
then exit.
-d Enables extra debugging messages.
-C<file> Directs identd to parse additional configuration options from
the file specified.
-i May be used when starting the daemon by inetd with the
"nowait" option (see below).
-w May be used when starting the daemon by inetd with the "wait"
option (see below).
-I May be used when the daemon is started by init (see below).
-b flag may be used to make the daemon run in standalone mode
(see below).
-u<user> Used to specify a user number or name to which the server
should switch to after binding itself to the TCP/IP port and
opening the kernel devices.
-g<group> Used to specify a group number or name which the server
should switch to after binding itself to the TCP/IP port and
opening the kernel devices.
-p<port> Used to specify an alternative TCP port to bind to, if
running as a standalone daemon or started by init Can be
specified by name or by number. Defaults to the IDENT port
(113).
-t<limit> Used to specify the request timeout limit. This is the
maximum number of seconds a server will allow a client
connection to be active before terminating it. It defaults to
120 seconds.
-P<pidfile>
Specify the location of a file to store the process number of
the Identd daemon.
-K<nthreads>
Control the number of threads to use for kernel lookups
-L<facility>
Set the syslog facility to use instead of 'daemon'.
-o Directs identd to return OTHER instead of UNIX as the
"operating system".
-E Enables DES encryption of the returned data (see below for
more information).
-n Directs identd to always return user numbers instead of user
names (for example if you wish to keep the user names a
secret).
-N Directs identd to check for a file ".noident" in each home
directory for the user which the daemon is about to return
the user name for. If that file exists then the daemon will
give the error HIDDEN-USER instead of the normal USERID
response.
-e Enables certain non-standard protocol extensions. Currently
defined extensions include the requests VERSION to return the
Ident daemon version and QUIT to terminate a session (useful
in conjunction with the -m option).
-m Enables identd to use a mode of operation that will allow
multiple requests to be processed per session. Each request
is specified one per line and the responses will be returned
one per line. The connection will not be closed until the
connecting part closes it's end of the line.
INSTALLATION
The preferred way to start identd depends on how it was built. If it was built with support for multithreading then it should be started either from init , as a standalone daemon or from inetd using the "wait" mode (if your inetd supports it!) If it was built without support for multithreading then it should be started from inetd using the normal "nowait" mode for "stream tcp" services. (The main reason being that it will be single-threaded, so it will only serve one client connection at a time). identd normally will autodetect how it was invoked so there normally is no need to use the four command line switches (-i, -w, -I, -b).
ENCRYPTION
DES encryption is only available if the daemon was built with support for it enabled. An encryption key (1024 bytes long) should be stored in the key file ( /etc/identd.key ) and it should be generated using a cryptographically safe random generator in order to be really safe. It should not contain any NUL (0x00) characters since this is used as a string to generate the real binary DES key. This file may contain multiple 1024 byte long keys, and the server will use the last key stored in that file. The returned token will contain the local and remote IP addresses and TCP port numbers, the local user's uid number, a timestamp, a random number, and a checksum - all encrypted using DES. The encrypted binary information is then encoded in a BASE64 string (32 characters long) and enclosed in square brackets to produce a token that is transmitted to the remote client. The encrypted token can later be decrypted by the idecrypt command. This program will attempt to decrypt a token with all the keys stored in the key file until it succeeds (or have tried all the keys).
CONFIGURATION FILE
The configuration file contains a list of option=value pairs.
syslog:facility = FACILITY
Set which facility to use when sending syslog messages. See
syslog.conf(5) for more information.
server:user = USER
Set what user (and group, from the passwd database) the
daemon should run as after it has opened all the kernel
handles. (Default: nobody)
server:group = GROUP
Override the group id (as set by the server:user option).
server:port = PORT
Set what TCP/IP port the daemon should listen to. (Default:
113)
server:backlog = LIMIT
Set the size of the server listen() backlog limit.
server:pid-file = PATH
Set the path to the file where the server will store it's
process id.
server:max-request = LIMIT
Max number of concurrent requests allowed. Default is 0
(zero) which means "no limit".
protocol:extensions = ON/OFF
Enable/disable the nonstandard protocol extensions ( VERSION
and QUIT currently). Default: off
protocol:multiquery = ON/OFF
Enable/disable the multiple queries per connection feature.
Default: off
protocol:timeout = SECONDS
Max number of seconds since connection or last request. If
set to 0 (zero), no timeout will be used. Default: 120
seconds.
kernel:threads = LIMIT
Max number of threads doing kernel lookups concurrently.
Default: 8
kernel:buffers = LIMIT
Max number of queued kernel lookup requests. Default: 32
kernel:attempts = LIMIT
Max number of times to retry a kernel lookup in case of
failure. Default: 5
result:uid-only = YES/NO
Disable uid->username lookups (only return uid numbers).
Default: no
result:noident = ON/OFF
Enable/disable checking for the ".noident" file in users
home directories.
result:charset = CHARSET
Define the character set returned in replies. Default: "US-
ASCII"
result:opsys = OPSYS
Define the operating system returned in replies. Default:
"UNIX"
result:syslog-level = LEVEL
If set to anything other than "none", all requested replies
will be sent to the syslog service with the specified
severity level. See syslog.conf(5) for more information.
Default: none
result:encrypt = YES/NO
Enable encryption of replies. Only available if Identd was
built with a DES encryption library.
encrypt:key-file = PATH
Path to the file containing the encryption keys.
include = PATH
Include (and parse) the contents of another configuration
file.
NOTES
The username (or UID) returned ought to be the login name. However it (probably, for most architecture implementations) is the "real user ID" as stored with the process. Thus the UID returned may be different from the login name for setuid programs (or those running as root) which has done a setuid(3) call and their children. For example, it may (should?) be wrong for an incoming ftpd ; and we are probably interested in the running shell, not the telnetd for an incoming telnet session. (But of course identd returns info for outgoing connections, not incoming ones.)
FILES
/etc/identd.conf
Contains the default configuration options for identd.
/etc/identd.key
If compiled with DES encryption enabled, the 1024 first bytes of
this file is used to specify the secret key for encrypting
replies.
/var/run/identd/identd.pid
Contains (if enabled) the process number of the identd daemon.
AVAILABILITY
The daemon is free software. You can redistribute it and/or modify it as you wish - as long as you don't claim that you wrote it. The source code for the latest version of the daemon can always be FTP'd from one of the following addresses: Main site: ftp://ftp.lysator.liu.se/pub/ident/servers/ Mirror: ftp://ftp.uu.net/networking/ident/servers/ The author can be contacted at: Email: Peter Eriksson <pen@lysator.liu.se>
SEE ALSO
idecrypt(8) , ikeygen(8) , inetd.conf(5) , 8 Jan 1999 identd(8)
Opportunity
Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.
Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.
Free Software
Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.
Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.
Free Books
The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.
Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.
Education
Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.
Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.
