midentd v2.1
17.8.2001
(c) Peter Surda, shurdeek@panorama.sth.ac.at (current maintainer)
(c) Peter van Dijk, peter@dataloss.nl (original author and old maintainer)
http://panorama.sth.ac.at/midentd/
[This program is under GPL]
midentd is an identd replacement for Linux with masquerading support. With your
average identd on a masquerading firewall, if an ident request comes in for a
masqueraded connection, it will return 'ERROR : NO-USER' or something along
those lines. This may be quite irritating at times, for example with
IRC servers that won't let you in if they don't get a valid ident reply.
This program tries to fix that. When a request comes in, it checks it in
/proc/net/tcp first, just like any regular identd will do. If it can't find the
connection there, it looks in /proc/net/ip_masquerade (2.0 and 2.2 kernels) or
/proc/net/ip_conntrack (2.4 kernel) and tries to find it there. If it does, it
will connect to the client that owns the connection and ask the midentd there
which user owns that connection. If midentd isn't running on the client, it
will try a normal ident request, which might work as well (Windows IRC clients
usually work with this).
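Added example (not midentd's own code): the lookup order described above,
run over constructed /proc/net/tcp and /proc/net/ip_conntrack samples. The
function names are hypothetical, and the check that the asking peer is the
remote end of the connection is an assumption of this sketch.

```python
import re
import socket

# Added illustration, not midentd's code. Tables are constructed samples (documentation IPs).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 026433C6:8235 057100CB:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 4242
"""
IP_CONNTRACK = (
    "tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=1034 dport=6667 "
    "src=203.0.113.5 dst=198.51.100.2 sport=6667 dport=61002 [ASSURED] use=1\n")

def parse_query(line):
    """RFC 1413 query: '<port on this host> , <port on the querying host>'."""
    m = re.fullmatch(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*", line)
    ports = tuple(int(p) for p in m.groups()) if m else ()
    return ports if ports and all(1 <= p <= 65535 for p in ports) else None

def local_owner(table, peer, lport, rport, little_endian=True):
    """uid of a local socket; /proc/net/tcp prints addresses in host byte order."""
    for f in map(str.split, table.splitlines()[1:]):
        if len(f) < 8:
            continue
        (_, lp), (raddr, rp) = f[1].split(":"), f[2].split(":")
        remote = socket.inet_ntoa(bytes.fromhex(raddr)[::-1 if little_endian else 1])
        if (int(lp, 16), int(rp, 16), remote) == (lport, rport, peer):
            return int(f[7])
    return None

def masq_target(table, peer, lport, rport):
    """Match the reply tuple of a conntrack entry; return (client, query to forward)."""
    for row in table.splitlines():
        kv = re.findall(r"\b(src|dst|sport|dport)=(\S+)", row)
        if not row.startswith("tcp") or len(kv) != 8:
            continue
        orig, reply = dict(kv[:4]), dict(kv[4:])
        if (reply["src"], reply["sport"], reply["dport"]) == (peer, str(rport), str(lport)):
            return orig["src"], f'{orig["sport"]} , {orig["dport"]}'
    return None

def resolve(query, peer, tcp=PROC_NET_TCP, conntrack=IP_CONNTRACK):
    ports = parse_query(query)
    if ports is None:
        return ("error", "INVALID-PORT")
    uid = local_owner(tcp, peer, *ports)  # local table first, as described above
    if uid is not None:
        return ("local", uid)
    fwd = masq_target(conntrack, peer, *ports)  # then the masquerade table
    return ("forward", *fwd) if fwd else ("error", "NO-USER")
```

A query that names a masqueraded port but comes from a host other than the
connection's remote end gets NO-USER, so the firewall does not reveal internal
clients to arbitrary askers.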
Newsflash: 2.0 has support for the 2.4 kernel, mIRC is handled automatically, no
config files are required anymore, and other minor changes.
Newsflash: From version 1.5 and upwards, midentd works on PPC. The problem
was endianness (by Turbo Fredriksson <turbo@debian.org>).
Newsflash: From version 1.2 and upwards, midentd supports some Windows IRC
clients too.
INSTALLATION
Run ./install.sh as root.
Now, the finishing step. You can either:
1. put it in /etc/inetd.conf
A line like this works for me:
------------------cut here--------------
auth stream tcp nowait nobody /usr/local/sbin/midentd midentd
------------------cut here--------------
2. put it in xinetd, save this as /etc/xinetd.d/midentd:
--------cut here----------
# default: off
# description: An identd daemon with masquerading support
service ident
{
        disable         = no
        id              = midentd
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = nobody
        nice            = 0
        server          = /usr/local/sbin/midentd
}
--------cut here----------
3. Run it as a standalone daemon. In this mode you won't be able to use
tcp_wrappers for limiting who can connect. However, it can reduce load on
the server:
    /usr/local/sbin/midentd -u nobody
If you change the "nobody", don't forget to change that in midentd.logcycle
too, or nothing gets logged.
WINDOWS IRC USERS
If you have any Windows IRC users, midentd should handle them automatically.
Don't forget to enable the identd function in mIRC.
Aaron Gray <agro@giggage.com> reports that this works with XiRCON
(http://www.xircon.com/) too.
Maarten Goet <tico@universation.net> reports that this works with mIRC
and Pirch.
Note that Pirch gives _very_ bogus ident replies, and midentd will pass
these on just as bogus. Perhaps a future version will fix this. A fix
is not needed, since every IRC server seems to work fine with Pirch, which
means it should work fine with Pirch through midentd too.