S/Ident Installation Instructions
Written by Booker Bense <bbense@stanford.edu>
Currently maintained by Russ Allbery <rra@stanford.edu>
BASIC INSTALLATION
1. Run "configure":
$ ./configure
You can specify an alternate destination to override the default with
the --prefix option:
$ ./configure --prefix=/usr/local/gnu
or some path that is more appropriate for your site. The default
prefix value is /usr/local, with binaries in subdirectory sbin,
manual pages in subdirectory man, libraries in subdirectory lib, and
include files in subdirectory include.
To specify the location of the Kerberos header files and libraries,
use the --with-kerberos=DIR option. DIR should be a directory with
subdirectories include and lib, holding the Kerberos include files
and libraries respectively.
Try "./configure --help" for further information on its usage.
The configure script attempts to identify your system and use the
correct source code to interrogate the kernel. If it cannot match up
a kernel file to your OS (you will see a warning message from the
configure script), look in the directory
responder/kernel
There are many more files in there than I have machines on which to
test and configure them. If you find one that looks right for your
system, link it to
responder/kernel.c
If this works for you, please email me the name of the file you chose
and the config.status file generated by your system.
If you wish to only build the requester library and not the sidentd
responder, give the --disable-responder argument to configure.
2. Look at the macro SERVER_PORT in responder/identd.h.
This macro defines the set of ports on which your system provides
services to other machines. These are the ports that are
automatically rejected when you run the responder with the -C flag
(i.e. only respond to S/Ident requests that look like "client"
ports). You may wish to use this to restrict the ability of "random"
machines on the network to gain information about servers running on
your machine. The default macro rejects anything with a port number
in the reserved port range or equal to the standard X Window server
port.
To get the most complete coverage possible, you should run
netstat -a -f inet
on the machine and block any tcp ports on which you run servers.
Lines like
tcp 0 0 *.6000 *.* LISTEN
signify that you are running a tcp based server on port 6000.
3. Try to build it:
$ make
This will (hopefully) make the needed S/Ident binaries within the
responder directory and the S/Ident library in the requester
directory. There are also some simple test programs in each of these
directories.
sident-test.c: A simple server to test the requester library. You
can install it in inetd.conf as
lookup stream tcp nowait root /usr/local/sbin/sident-test
where "lookup" is some service port configured in /etc/services. It
takes the srvtab and keytab paths on the command line and attempts to
do an S/Ident callback for any incoming connection.
itest.c: A simple test program in the responder source to test the
kernel reading code for your system.
If something fails for your system, and you want to submit a bug
report, you may wish to include your "config.status" file, your host
type, operating system and compiler information, make output, and
anything else you think will be helpful.
4. Install the binaries/documentation. You can do this by running:
$ make install
but you will also need to configure every system that should be
running a responder. I suggest that you read
doc/draft-morgan-ident-ext-01.txt
before installing anything. The man page for sidentd documents how
to correctly install it.
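For step 2, the following added example (not part of the S/Ident distribution) filters netstat output down to the TCP listening ports that the default SERVER_PORT macro would not already reject, which are the ones to consider adding. It assumes the reserved port range means ports below 1024 and that the X Window server port is 6000; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the S/Ident distribution.
# Reads "netstat -a" style output on stdin and prints the TCP listening
# ports that the default SERVER_PORT macro, as described in step 2, would
# NOT reject. Assumptions: "reserved port range" means ports below 1024
# and the standard X Window server port is 6000.

uncovered_listen_ports() {
    awk '
        # Only TCP sockets in the LISTEN state are servers.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # The port follows the last "." (BSD/Solaris style, as in
            # the sample line in step 2) or the last ":" (Linux style).
            n = split($4, parts, /[.:]/)
            port = parts[n]
            if (port !~ /^[0-9]+$/) next   # service name or "*": skip
            port += 0
            if (port < 1024) next          # reserved range, already rejected
            if (port == 6000) next         # X server port, already rejected
            seen[port] = 1
        }
        END { for (p in seen) print p }
    ' | sort -n
}

# Constructed sample input in the format shown in step 2.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 *.6000 *.* LISTEN
tcp 0 0 *.22 *.* LISTEN
tcp 0 0 *.8080 *.* LISTEN
tcp 0 0 10.0.0.5.3306 *.* LISTEN
tcp 0 0 10.0.0.5.51234 10.0.0.9.22 ESTABLISHED
udp 0 0 *.514 *.*
EOF
}

# Prints 3306 and 8080: the servers the default macro leaves uncovered.
sample_netstat | uncovered_listen_ports
```

On a real host, feed the function the output of netstat run with -n added, so that ports are printed as numbers rather than service names (names are skipped by the filter).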
CONFIGURE INFORMATION
Here are the most commonly used options to the configure script. For a
full list of options, run ./configure --help. For more detailed
documentation about configure, please refer to the GNU Autoconf
documentation.
--prefix=DIR
The root of where to install the various pieces of S/Ident. The
default is /usr/local. You can also use --includedir, --libdir,
--mandir, and --sbindir to separately set the paths for each portion
of the install.
--with-kerberos=DIR
Specifies the location of your Kerberos installation if it's not in
the paths searched by default by your compiler. S/Ident will expect
libraries in DIR/lib and include files in DIR/include.
--enable-static-daemon
Statically link the S/Ident responder against the Kerberos
libraries. This will allow the responder to run on systems that
don't have the Kerberos libraries installed.
--disable-responder
Only build (and install) the requester library. Don't build or
install the sidentd responder daemon.
--disable-shared
--disable-static
By default, both shared and static versions of the libsident
requester library will be built. If you want to disable one or the
other of those, use these flags.
The following environment variables override configure's default
behaviour:
CC
The compiler to use. If not set, tries to use gcc first, then cc.
Note that the appropriate argument for 64-bit compiles will be
automatically added if you are building the responder on Solaris and
isalist indicates that you have a 64-bit kernel (-xarch=v9 for cc
and -m64 for gcc).
CFLAGS
The options to use when compiling. By default, configure tries to
use "-g -O" as options, backing down to -g alone if that doesn't
work.