.\" $Id: oidentd.8,v 1.7 2000/01/15 18:48:52 odin Exp $
.TH oidentd 8 "15 Jan 2000" "version 1.6.4"
.SH NAME
oidentd, in.oidentd \- TCP/IP IDENT protocol server
.SH SYNOPSIS
.B oidentd
[ \-AdeFhimnNoqrsSvVwW ]
[ \-a <hostname/IP address> ]
[ \-c <charset> ]
[ \-f <port> ]
[ \-p <port> ]
[ \-P <hostname/IP address> ]
[ \-O <OS string> ]
[ \-t <seconds> ]
[ \-T <seconds> ]
[ \-g <group/gid> ]
[ \-u <username/uid> ]
[ \-x <string> ]
.SH DESCRIPTION
.IX "oidentd daemon" "" "\fLoidentd\fP daemon"
.B oidentd
is a server which implements the
.SM TCP/IP
proposed standard
.SM IDENT
user identification protocol as specified in the
.SM RFC\s0 1413
document.
.PP
.B oidentd
operates by looking up specific
.SM TCP/IP
connections and returning the user name of the
process owning the connection.
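.PP
The following is an added example and is not part of
.B oidentd
or of this manual page. It is a small client-side Python helper that builds an RFC 1413 query and parses the USERID and ERROR replies a server such as oidentd sends, including the HIDDEN-USER and UNKNOWN-ERROR tokens and the optional charset described under OPTIONS. The wire layout is taken from RFC 1413; the sample replies are constructed for illustration.

```python
"""Build an RFC 1413 (IDENT) query and parse the server's reply.

Added example, not code from oidentd. The wire format (query line, USERID
and ERROR replies, optional charset after the OS name) is taken from
RFC 1413; sample replies used with it are constructed.
"""
import re

# Error codes defined by RFC 1413. oidentd's -e collapses all of them to
# UNKNOWN-ERROR and its -N option produces HIDDEN-USER; codes beginning
# with "X" are server-specific extensions allowed by the RFC.
ERROR_CODES = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}


def build_query(server_port, client_port):
    """Query line sent to the ident server: '<port on the queried host>,
    <port on the querying host>' terminated by CRLF. The server looks up
    the TCP connection between those two ports and reports its owner."""
    for port in (server_port, client_port):
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    return f"{server_port}, {client_port}\r\n".encode("ascii")


def parse_reply(line):
    """Describe one reply line, e.g. '6193 , 23 : USERID : UNIX : stjohns'
    or '6193 , 23 : ERROR : NO-USER', as a dict."""
    if isinstance(line, bytes):
        line = line.decode("ascii", errors="replace")
    line = line.rstrip("\r\n")
    if len(line) > 512:
        raise ValueError("reply longer than the 512-octet limit")
    # The user-id field may itself contain ':', so split at most three times.
    fields = line.split(":", 3)
    if len(fields) < 3:
        raise ValueError(f"malformed reply: {line!r}")
    ports, kind = fields[0], fields[1].strip().upper()
    m = re.fullmatch(r"\s*(\d+)\s*,\s*(\d+)\s*", ports)
    if not m:
        raise ValueError(f"malformed port pair: {ports!r}")
    result = {"server_port": int(m.group(1)), "client_port": int(m.group(2))}
    if kind == "ERROR":
        code = fields[2].strip()
        if code not in ERROR_CODES and not code.startswith("X"):
            raise ValueError(f"unknown error code: {code!r}")
        result.update(kind="ERROR", code=code)
    elif kind == "USERID" and len(fields) == 4:
        # opsys-field is '<os>' or '<os> , <charset>'; US-ASCII is the
        # default charset when none is given. Surrounding whitespace is
        # stripped from the user-id (a design choice of this example).
        opsys, _, charset = (s.strip() for s in fields[2].partition(","))
        result.update(kind="USERID", os=opsys,
                      charset=charset or "US-ASCII", user=fields[3].strip())
    else:
        raise ValueError(f"malformed reply: {line!r}")
    return result
```

A caller that has accepted a connection from remote port 23 on its local port 6193 sends build_query(6193, 23) to port 113 on the peer and feeds the single reply line to parse_reply; anything that does not parse should be treated as "no identity", never as a username.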
.SH OPTIONS
.TP
.I "\-a <hostname> or \-a <IP address>"
Bind the listening socket to the specified hostname or IP address.
.TP
.I "\-A"
Allow users to spoof identd replies on all ports, including ports below 1024, when spoofing is enabled with -s or -S.
.TP
.I "\-c <charset>"
Use alternate specified charset.
.TP
.I "\-d"
Enable debugging.
.TP
.I "\-e"
Return "UNKNOWN-ERROR" for all errors rather than a specific error code.
.TP
.I "\-f <port>"
When IP masquerading support is enabled (-m) and -f is specified, ident requests for connections belonging to machines that masquerade through this host are forwarded to those machines on <port>. If the forwarded request fails,
.B oidentd
falls back on the default method (reading the
.B /etc/oidentd.users
file).
.TP
.I "\-F"
Same as \-f, but uses 113 as the port.
.TP
.I "\-g <gid> or \-g <group>"
Run with specified gid or group.
.TP
.I "\-i"
Specify this flag when
.B oidentd
is run from inetd.
.TP
.I "\-m"
Enable support for ident queries for IP masqueraded connections. A file
.B /etc/oidentd.users
should be created of the format:
.sp
.RS
<ip or host>[/mask] <username> <os>
.sp
The first field contains the IP address or hostname of a machine that IP masquerades through the machine on which
.B oidentd
runs. The optional mask can be either a dotted network mask or a prefix length: a mask of 24 is equivalent to 255.255.255.0, a mask of 16 to 255.255.0.0, and so on.
.sp
Username is the reply that
.B oidentd
will return for lookups of connections from a host matching the first field.
.sp
OS is the operating system run by the machine matching the first field.
.RE
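.PP
The following is an added example, not code from
.B oidentd
or this manual page. It parses the file format above, applies the mask rules in both forms (prefix length and dotted mask), resolves a hostname entry through a caller-supplied resolver, and shows how a matched entry becomes a USERID reply. The file contents, hostnames and addresses are constructed; first-match-wins ordering and the skipping of blank lines are assumptions of this example.

```python
"""Match a masqueraded client against /etc/oidentd.users entries.

Added example, not oidentd's own code. Entry format is
'<ip or host>[/mask] <username> <os>' as described above; the sample
file below is constructed and the DNS data is faked so it runs offline.
"""
import ipaddress
import socket

# Constructed sample of /etc/oidentd.users (not a real deployment).
USERS_FILE = """\
192.168.1.10            alice       LINUX
192.168.1.0/24          lanuser     UNIX
10.0.0.0/255.255.0.0    officeuser  WINDOWS
laptop                  bob         OTHER
"""

# Fake name resolution so the example needs no network (assumption).
FAKE_DNS = {"laptop": "172.16.0.7"}


def fake_resolve(hostname):
    return FAKE_DNS[hostname]


def parse_users_file(text):
    """Return a list of (target, username, os) tuples; blank lines are
    skipped (an assumption) and any other malformed line is an error."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(
                f"line {lineno}: expected '<ip or host>[/mask] <username> <os>'")
        entries.append(tuple(fields))
    return entries


def to_network(target, resolve=socket.gethostbyname):
    """Turn '<ip or host>[/mask]' into an ip_network. A bare address or
    host becomes a single-host network; the mask may be a prefix length
    ('24') or a dotted mask ('255.255.255.0'), both of which ip_network
    accepts. Hostnames are resolved with `resolve` (gethostbyname by default)."""
    host, sep, mask = target.partition("/")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = ipaddress.ip_address(resolve(host))
    if not sep:
        return ipaddress.ip_network(str(addr))
    # strict=False lets a host address such as 192.168.1.10/24 stand for
    # its network, as the mask semantics in the text imply.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def lookup_masqueraded(client_ip, entries, resolve=socket.gethostbyname):
    """Return (username, os) for the first entry covering client_ip,
    or None when no entry matches (the daemon would then report an error)."""
    ip = ipaddress.ip_address(client_ip)
    for target, username, os_name in entries:
        if ip in to_network(target, resolve):
            return username, os_name
    return None


def format_reply(server_port, client_port, entry):
    """Compose the USERID reply line (RFC 1413 layout) for a matched entry."""
    username, os_name = entry
    return f"{server_port} , {client_port} : USERID : {os_name} : {username}\r\n"


ENTRIES = parse_users_file(USERS_FILE)
```

Because the first matching entry wins here, a specific host line must precede the network line that also covers it (as alice's line precedes 192.168.1.0/24 above); if the real daemon uses a different precedence, order the file accordingly.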
.TP
.I "\-n"
Return UIDs instead of usernames.
.TP
.I "\-N"
.B oidentd
will check for a
.B .noident
file in the home directory of the user owning the connection. If it is found, "HIDDEN-USER" is returned instead of the username.
.TP
.I "\-o"
Return "OTHER" instead of the name of the operating system.
.TP
.I "\-O <OS string>"
The string specified by <OS string> will be returned as the OS string by default for all successful ident lookups. The default is "UNIX" if this flag is not used.
.TP
.I "\-p <port>"
Run
.B oidentd
on specified port when running in standalone mode.
.TP
.I "\-P <hostname> or \-P <IP address>"
Treat <hostname/IP address> as a proxy that forwards ident requests to this host. This option is needed when connections from the machine on which
.B oidentd
runs are masqueraded through another host, and that host forwards the ident requests for them to us.
.TP
.I "\-q"
Do not log any status messages to syslog (quiet).
.TP
.I "\-r"
Return a randomized identd reply.
.TP
.I "\-s"
Allow identd reply spoofing. For a non-root user to spoof its identd reply, the username must be listed in
.BR /etc/identd.spoof .
The spoofed reply can optionally be given in the same file: if "user:string" is an entry in
.BR /etc/identd.spoof ,
any successful lookup for "user" returns "string". If no reply is given in
.BR /etc/identd.spoof ,
the spoofed reply is read from the
.B .ispoof
file in the user's home directory. If the user is not allowed to spoof identd replies, or the
.B .ispoof
file cannot be read, a randomized reply is returned when the -r flag was also passed; otherwise the user's real username is returned. Non-root users may spoof identd replies only on ports greater than 1023, or on all ports if the -A option is specified.
.TP
.I "\-S"
Same as \-s, but allow all users to spoof identd replies except those listed in the
.B /etc/identd.spoof
file.
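.PP
The following is an added example, not code from
.B oidentd
or this manual page. It models the reply-selection rules given for -s and -S above, together with the -A port exception and the -r fallback, with the file contents passed in as strings so it runs without touching the filesystem. The sample spoof file and home-directory contents are constructed; treating root as exempt from the list and port checks (the text restricts only non-root users), ignoring blank lines, and the form of the randomized reply are assumptions of this example.

```python
"""Decide which user name oidentd-style spoofing returns for a lookup.

Added example, not oidentd's own code: it models the -s/-S/-A/-r rules
described in this manual page. The sample data is constructed and the
points where the page leaves behaviour unspecified are marked as
assumptions in comments.
"""
import secrets
import string

# Constructed /etc/identd.spoof: alice spoofs as "nobody", bob may spoof
# but supplies his own reply via $HOME/.ispoof.
SPOOF_FILE = "alice:nobody\nbob\n"


def parse_spoof_file(text):
    """Parse lines of the form 'user' or 'user:string' into
    {user: string_or_None}. Blank lines are skipped (assumption)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        user, sep, reply = line.partition(":")
        entries[user.strip()] = reply.strip() if sep else None
    return entries


def random_reply(length=8):
    """Randomized reply for -r. The daemon's own generator is not described
    on this page; an 8-character alphanumeric string is assumed."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def spoof_reply(username, port, spoof_entries, ispoof_text, *, is_root=False,
                allow_all_ports=False, randomize=False, invert_list=False):
    """Reply for the owner `username` of a connection on local `port`.

    spoof_entries   -- result of parse_spoof_file()
    ispoof_text     -- contents of $HOME/.ispoof, or None if unreadable
    is_root         -- owner is root; assumed exempt from list and port rules
    allow_all_ports -- the -A option
    randomize       -- the -r option
    invert_list     -- -S (everyone except listed users) instead of -s
    """
    def failure():
        # Not permitted, or the spoof data is unavailable: -r randomizes,
        # otherwise the real username goes out.
        return random_reply() if randomize else username

    listed = username in spoof_entries
    permitted = is_root or (listed != invert_list)
    # Non-root users may spoof only above port 1023 unless -A is given.
    port_ok = is_root or allow_all_ports or port > 1023
    if not (permitted and port_ok):
        return failure()
    # With -s, a reply string in /etc/identd.spoof takes precedence over
    # the user's .ispoof file.
    if not invert_list and spoof_entries.get(username):
        return spoof_entries[username]
    # An unreadable (or empty, assumption) .ispoof counts as an error.
    if ispoof_text is None or not ispoof_text.strip():
        return failure()
    return ispoof_text.strip().splitlines()[0]


ENTRIES = parse_spoof_file(SPOOF_FILE)
```

The port rule is the security-relevant part: without -A a non-root user cannot spoof the owner of a connection on a privileged port, so a service on port 25 or 113 is still reported under its real account unless the administrator opts in.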
.TP
.I "\-t <seconds>"
Number of seconds
.B oidentd
will wait for input from a client before closing the connection.
.TP
.I "\-T <seconds>"
Number of seconds
.B oidentd
will remain running when called with the -w option.
.TP
.I "\-u <uid> or \-u <username>"
Run with specified uid or username.
.TP
.I "\-x <string>"
Upon a failed lookup, <string> will be returned to the client as if the lookup had succeeded.
.TP
.I "\-v and \-V"
Display version information and exit.
.TP
.I "\-w"
When run from inetd with the wait option specified,
.B oidentd
will continue to service requests, acting as a standalone daemon, after being executed by inetd.
.TP
.I "\-W"
Do not log connections to
.BR oidentd .
(To be used when
.B oidentd
is wrapped by TCP wrappers or when connections are otherwise logged.)
.TP
.I "\-h"
Display options and exit.
.SH FILES
.TP
.B /etc/identd.spoof
List of users allowed to spoof identd replies.
.TP
.B /etc/oidentd.users
IP Masquerading mappings.
.TP
.B $HOME/.ispoof
File containing the username to return when
.B oidentd
is run with the -s or -S flag.
.TP
.B $HOME/.noident
File signifying that
.B oidentd
should return "HIDDEN-USER" instead of the username of the owner of a connection.
.SH AUTHOR
Ryan McCabe <odin@numb.org>
.PP
http://ojnk.sourceforge.net
.SH BUGS
Oidentd handles masqueraded connections only on Linux at present.
.PP
Forwarding requests to BSD machines does not currently work, though it is
possible to use -x on the BSD machine to simulate a successful lookup.
.SH "SEE ALSO"
.BR inetd.conf (5)