'\" t
.\"     Title: oidentd
.\"    Author: [see the "AUTHOR(S)" section]
.\" Generator: Asciidoctor 2.0.12
.\"    Manual: oidentd User Manual
.\"    Source: oidentd 3.1.0
.\"  Language: English
.\"
.TH "OIDENTD" "8" "" "oidentd 3.1.0" "oidentd User Manual"
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.ss \n[.ss] 0
.nh
.ad l
.de URL
\fI\\$2\fP <\\$1>\\$3
..
.als MTO URL
.if \n[.g] \{\
.  mso www.tmac
.  am URL
.    ad l
.  .
.  am MTO
.    ad l
.  .
.  LINKSTYLE blue R < >
.\}
.SH "NAME"
oidentd \- flexible, RFC 1413 compliant Ident daemon with NAT support
.SH "SYNOPSIS"
.sp
\fBoidentd\fP [\fIOPTIONS\fP]
.SH "DESCRIPTION"
.sp
\fBoidentd\fP implements the Identification Protocol as described in RFC 1413.  By
default, \fBoidentd\fP replies with the username of the owner of connections.  This
behavior can be altered in \fBoidentd.conf\fP(5) and by using the options specified
in this document.
.SH "OPTIONS"
.sp
\fB\-a, \-\-address\fP=\fIADDRESS\fP
.RS 4
Bind to the specified address.  This option causes \fBoidentd\fP to listen for
incoming connections only on the specified address or addresses instead of on
all interfaces.  This option may be specified more than once to configure
multiple addresses.
.RE
.sp
\fB\-c, \-\-charset\fP=\fICHARSET\fP
.RS 4
Inform clients that Ident replies use the specified character set as defined
in RFC 1340 or its successors.  The default is not to send a character set to
clients.
.RE
.sp
\fB\-C, \-\-config\fP=\fIFILE\fP
.RS 4
Use the specified system\-wide configuration file.  If this option is not
given, \fBoidentd\fP defaults to \fB/usr/local/etc/oidentd.conf\fP.  The format of the
system\-wide configuration file is described in \fBoidentd.conf\fP(5).
.RE
.sp
\fB\-d, \-\-debug\fP
.RS 4
Show debug messages, including detailed lookup information that may be useful
for diagnosing issues with failed lookups.  This option is only available if
\fBoidentd\fP was compiled with debugging support.
.RE
.sp
\fB\-e, \-\-error\fP
.RS 4
Hide error messages, returning \fBUNKNOWN\-ERROR\fP for all errors.  This includes
the \fBNO\-USER\fP, \fBHIDDEN\-USER\fP and \fBINVALID\-PORT\fP errors.  This option may be
used to conceal the fact that \fBoidentd\fP is hiding Ident responses for a user.
.RE
.sp
\fB\-f, \-\-forward\fP=[\fIPORT\fP]
.RS 4
Forward requests for hosts masquerading through the server \fBoidentd\fP is
running on to the host that established the corresponding connection.  The
target host must be running \fBoidentd\fP with the \fB\-\-proxy\fP option, or some
Ident server returning static responses regardless of the query.  If no port
is specified, the default Ident port (113) is used.  If forwarding fails,
\fBoidentd\fP falls back to the response specified in \fBoidentd_masq.conf\fP(5).
This option implies \fB\-\-masquerade\fP.  The \fB\-\-masquerade\-first\fP option can be
used to forward queries only if no response was specified in
\fBoidentd_masq.conf\fP(5).
.RE
.sp
\fB\-g, \-\-group\fP=\fIGROUP|GID\fP
.RS 4
Run as the specified group or GID.  If this option is not given, \fBoidentd\fP
falls back to running as "oidentd", "nobody", "nogroup" or GID 65534, in this
order.  On systems that require \fBoidentd\fP to run as the superuser, a warning
is shown and the group is not changed automatically.
.RE
.sp
\fB\-h, \-\-help\fP
.RS 4
Print a summary of options and exit.
.RE
.sp
\fB\-i, \-\-foreground\fP
.RS 4
Do not fork to background.  This option may be useful for debugging, or for
running \fBoidentd\fP from a service manager like \fBsystemd\fP(1) with
\fBType=simple\fP.
.RE
.sp
\fB\-I, \-\-stdio\fP
.RS 4
Read a single Ident query from standard input, write the response to standard
output, then exit.  This option may be useful for debugging, or when running
\fBoidentd\fP from a listener daemon such as \fBxinetd\fP(8).
.RE
.sp
\fB\-l, \-\-limit\fP=\fIMAX\fP
.RS 4
Limit the maximum number of concurrent connections to the specified value.
Further connections beyond this limit will be closed immediately without
spawning a new process.  If this option is not specified, no limit is
enforced.
.RE
.sp
\fB\-m, \-\-masquerade\fP
.RS 4
Enable support for NAT connections, allowing Ident lookups intended for hosts
masquerading through the server running \fBoidentd\fP.  Ident responses for NAT
connections can be configured in the \fBoidentd_masq.conf\fP(5) configuration
file.
.RE
.sp
\fB\-M, \-\-masquerade\-first\fP
.RS 4
If an entry matching the target host exists in the \fBoidentd_masq.conf\fP(5)
configuration file, return the configured Ident response instead of
forwarding the query.  With this option, queries are forwarded only if no
static response has been configured.  If this option is not specified, the
default behavior of \fB\-\-forward\fP is to forward queries before checking the
\fBoidentd_masq.conf\fP(5) file.  This option implies \fB\-\-forward\fP and
\fB\-\-masquerade\fP.
.RE
.sp
\fB\-o, \-\-other\fP=[\fIOS\fP]
.RS 4
Set an alternative operating system string to send alongside Ident responses.
Note that some clients may interpret queries as having failed when an unknown
operating system is returned.  If this option is not specified, the value
\fBUNIX\fP is used.  If this option is specified without an argument, \fBOTHER\fP is
returned.
.RE
.sp
\fB\-p, \-\-port\fP=\fIPORT\fP
.RS 4
Listen on the specified port instead of port 113.
.RE
.sp
\fB\-P, \-\-proxy\fP=\fIORIGIN\fP
.RS 4
Allow the specified host to forward queries to this instance using the
\fB\-\-forward\fP option.  If \fB\-\-reply\fP is not specified, this option must be
enabled for \fBoidentd\fP to correctly handle forwarded connections.
.RE
.sp
\fB\-q, \-\-quiet\fP
.RS 4
Suppress normal logging, showing only critical messages.
.RE
.sp
\fB\-r, \-\-reply\fP=\fIREPLY\fP
.RS 4
When a lookup fails, send the specified Ident response as if it had
succeeded.
.RE
.sp
\fB\-R, \-\-reply\-all\fP=\fIREPLY\fP
.RS 4
Send the specified reply in response to all well\-formed queries.  When this
option is used, the configuration files are not read and connection lookups
are never performed.  Privileged initialization is not performed on systems
that would otherwise require it, so unprivileged users can run oidentd with
this option as long as they have permission to bind the requested port.
.RE
.sp
\fB\-S, \-\-nosyslog\fP
.RS 4
Log messages to the standard error stream, even if it is not a terminal.  If
standard error is a terminal, messages are written to it by default.
.RE
.sp
\fB\-t, \-\-timeout\fP=\fISECONDS\fP
.RS 4
Close connections if no Ident query is received within the specified number
of seconds.  By default, connections are closed after 30 seconds.
.RE
.sp
\fB\-u, \-\-user\fP=\fIUSER|UID\fP
.RS 4
Run as the specified user or UID.  If this option is not given, \fBoidentd\fP
falls back to running as "oidentd", "nobody" or UID 65534, in this order.  On
systems that require \fBoidentd\fP to run as the superuser, a warning is shown
and the user is not changed automatically.
.RE
.sp
\fB\-v, \-\-version\fP
.RS 4
Print version and build information and exit.
.RE
.SH "FILES"
.sp
\fB/usr/local/etc/oidentd.conf\fP
.RS 4
System\-wide configuration file; see \fBoidentd.conf\fP(5).
.RE
.sp
\fB~/.config/oidentd.conf\fP, \fB~/.oidentd.conf\fP
.RS 4
User configuration files; see \fBoidentd.conf\fP(5).
.RE
.sp
\fB/usr/local/etc/oidentd_masq.conf\fP
.RS 4
Masquerading configuration file; see \fBoidentd_masq.conf\fP(5).
.RE
.SH "AUTHOR"
.sp
.MTO "info\(atjanikrabe.com" "Janik Rabe" ""
.RS 4
.URL "https://janikrabe.com" "" ""
.RE
.sp
Originally written by Ryan McCabe.
.SH "BUGS"
.sp
Please report any bugs to \c
.MTO "info\(atjanikrabe.com" "Janik Rabe" "."
.SH "SEE ALSO"
.sp
\fBoidentd.conf\fP(5)
\fBoidentd_masq.conf\fP(5)