File: INSTALL

package info (click to toggle)
oidentd 2.3.2-1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 1,304 kB
  • sloc: ansic: 6,931; sh: 4,359; yacc: 462; lex: 344; makefile: 64
file content (54 lines) | stat: -rw-r--r-- 3,179 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
Issuing the commands "./configure", then "make", then "make install" will
(respectively) configure, compile and install the oidentd daemon and its
manual pages.  By default, the daemon is installed in /usr/local/sbin/oidentd,
and the uncompressed manual pages are installed in /usr/local/share/man/man5
and /usr/local/share/man/man8.

IPv6 and IP masquerade support are enabled by default on platforms that support
them.  To disable IPv6 support, pass the --disable-ipv6 option to the configure
script.  To disable IP masquerade support, pass the --disable-masq option to
the configure script.

If you're having problems with oidentd, additional debugging information is
available when the --enable-debug option is passed to the configure script and
oidentd is run with the --debug flag.

On Linux, oidentd compiles with libnetfilter_conntrack support by default if
IP masquerade support is enabled and the libnetfilter_conntrack and libcap-ng
headers and libraries are present.  This allows oidentd to obtain connection
tracking information directly from the kernel instead of using the "/proc"
filesystem.  When oidentd is compiled on Linux with IP masquerade support
enabled, but one of these libraries is not present, the "./configure" script
will emit a warning.  This warning can safely be ignored if the target system
has at least one of the files "nf_conntrack", "ip_conntrack" or "ip_masquerade"
in "/proc/net".

oidentd version 2 runs only as a standalone daemon.  Therefore, any entries
for ident in any inetd or xinetd (or any other "super server") configuration
files must be disabled before running oidentd.  This is the case for
performance reasons; when oidentd starts up, it parses the /etc/oidentd.conf
configuration file.  If oidentd ran from inetd (or similar), it would have to
parse the configuration file for each incoming connection.  Running standalone
lets oidentd parse the file once at startup and after that only when it
receives a SIGHUP.

Users running inetd can locate such lines by running the command
"egrep ^(auth|ident) /etc/inetd.conf".  Lines that show up must be
commented out by inserting a '#' character at the start of the line.
After the line is disabled the inetd program must be restarted by sending
it the SIGHUP signal (signal 1).

oidentd does not ordinarily require superuser privileges and should not
run as root, if possible.  Do note, however, that oidentd must start up
as root so that it can bind port 113 (if no --port argument is given),
and so that it can open /dev/kmem on operating systems on which this is
required. Once oidentd does this, it can drop any extra privileges. The
file KERNEL_SUPPORT.md contains a list of operating systems that require
access to /dev/kmem.  Note, however, that some configurations may require
oidentd to start up as root even when kernel memory access is not needed.
For example, this is the case on Linux if IP/NAT masquerade support is
enabled, so that oidentd can open the connection tracking file.

For information regarding setting the user and group that oidentd will run as,
please see the descriptions of the "--user" and "--group" command-line
flags in the oidentd manual page.