Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: I would like to know Would you run the ‘identd’ daemon on UNIX servers?
Top Forums UNIX for Dummies Questions & Answers I would like to know Would you run the ‘identd’ daemon on UNIX servers? Post 97993 by RTM on Friday 3rd of February 2006 04:25:50 PM
Old 02-03-2006
Hee hee, Thanks Perderabo, for the 'missed spelling'.

FYI - for more info on identd - see this
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

applicatoin cannot started, becos daemon did not run

hi, i had an applicatoin which is not running cos one of its daemon is not running.. i get the applicatoin to run by running the daemon first... its manual job... so quite cumbersome.. i have backups in the night, with the crontab -l entry with logs written. the logs indicated successful... (7 Replies)
Discussion started by: yls177
7 Replies

2. Shell Programming and Scripting

Run shell script as a daemon

I have simple shell script that I run as cron job every hour of the day. I would like to make it a daemon that runs far more frequently like every 30 seconds or so, but I have never made daemon before. How can I do this? -Sam (7 Replies)
Discussion started by: Sammy_T
7 Replies

3. Shell Programming and Scripting

ksh to run servers

I want to write a Kshell program which will start the servers(Oracle,DataIntegrator). Can anybody help me with this? I would appreciate your help. Thanks in advance (0 Replies)
Discussion started by: pari111222
0 Replies

4. UNIX for Advanced & Expert Users

Command to run across servers

Hi, I have to run several unix commands like lsof or sed and need to execute across different servers as part of my monitoring tasks. There are around 40 Unix Servers. It is really cumbersome to run those command on several servers. can some help me in this regard. Is it possible to run... (6 Replies)
Discussion started by: john_prince
6 Replies

5. Shell Programming and Scripting

Creating a daemon to run in background

I am trying to create a service to always run and monitor a script that has a tendency to hang, we could not find what is causing it to hang so are in the process of completely reprogramming just about everything, however, that will take upto 6 months. So I need to create this to monitor the... (5 Replies)
Discussion started by: ukndoit
5 Replies

6. IP Networking

effects of bin file stored in nfs & run as daemon

Hi, Good Day, I had this question in my mind.Hope someone can give me his/her thought about it. Question: I had a binary files stored in the nfs system and mounted several workstation locally and running as deamon. Is there in effect to the networks or any problem me arise regarding network... (3 Replies)
Discussion started by: jao_madn
3 Replies

7. Shell Programming and Scripting

run this script as a daemon process

Hi, HI , I have a simple script that moves files from one folder to another folder, I have already done the open-ssh server settings and the script is working fine and is able to transfer the files from one folder to another but right now I myself execute this script by using my creditianls to... (3 Replies)
Discussion started by: nks342
3 Replies

8. Shell Programming and Scripting

script to run as a daemon

Hi, I have one query that is suppose if I have a script that pick up some files from source folder and put it into destination folder , and I want this script to run after every 1 hour, to make it configurable as per that I have options like crontab and nohup but when I test this script I have to... (2 Replies)
Discussion started by: nks342
2 Replies

9. Shell Programming and Scripting

How to make a bash or shell script run as daemon?

Say i have a simple example: root@server # cat /root/scripts/test.sh while sleep 5 do echo "how are u mate" >> /root/scripts/test.log done root@server # Instead of using rc.local to start or another script to check status, I would like make it as daemon, where i can do the following: ... (2 Replies)
Discussion started by: timmywong
2 Replies

10. Solaris

Installing identd on Solaris 11 (or how to enable it)

I'm trying to install an IRC server on a Solaris 11 box. However, identd isn't install by default and I can't see how I can install or enable it. I also can't seem to find any documentation on this. Any ideas? (1 Reply)
Discussion started by: g33rsdhgjy7
1 Replies

LEARN ABOUT BSD

identd

IDENTD(8)						      System Manager's Manual							 IDENTD(8)

NAME

       identd, in.identd - TCP/IP IDENT protocol server

SYNOPSIS

       /usr/libexec/[in.]identd [-i|-w|-b] [-t<seconds>] [-u<uid>] [-g<gid>] [-p<port>] [-a<address>] [-c<charset>] [-C[<keyfile>]] [-o] [-e] [-l]
       [-V] [-m] [-N] [-d] [-F<format>] [kernelfile[kmemfile]]

DESCRIPTION

       identd is a server which implements the TCP/IP proposed standard IDENT user identification protocol as specified in the RFC 1413 document.

       identd operates by looking up specific TCP/IP connections and returning the user name of the process owning the connection.  It can option-
       ally return other information instead of a user name.

ARGUMENTS

       The  -i flag, which is the default mode, should be used when starting the daemon from inetd with the "nowait" option in the /etc/inetd.conf
       file. Use of this mode will make inetd start one identd daemon for each connection request.

       The -w flag should be used when starting the daemon from inetd with the "wait" option in the /etc/inetd.conf file . This  is  the  prefered
       mode  of  operation  since that will start a copy of identd at the first connection request and then identd will handle subsequent requests
       without having to do the nlist lookup in the kernel file for every request as in the -i mode above. The identd daemon will run either  for-
       ever, until a bug makes it crash or a timeout, as specified by the -t flag, occurs.

       The  -b flag can be used to make the daemon run in standalone mode without the assistance from inetd.  This mode is the least prefered mode
       since a bug or any other fatal condition in the server will make it terminate and it will then have to be restarted  manually.  Other  than
       that it has the same advantage as the -w mode in that it parses the nlist only once.

       The  -t<seconds> option is used to specify the timeout limit. This is the number of seconds a server started with the -w flag will wait for
       new connections before terminating. The server is automatically restarted by inetd whenever a new connection is requested if it has  termi-
       nated. A suitable value for this is 120 (2 minutes), if used. It defaults to no timeout (i.e. will wait forever, or until a fatal condition
       occurs in the server).

       The -u<uid> option is used to specify a user id number which the ident server should switch to after binding itself to the TCP/IP  port	if
       using the -b mode of operation.

       The  -g<gid> option is used to specify a group id number which the ident server should switch to after binding itself to the TCP/IP port if
       using the -b mode of operation.

       The -p<port> option is used to specify an alternative port number to bind to if using the -b mode of operation. It can be specified by name
       or by number. Defaults to the IDENT port(113).

       The  -a<address> option is used to specify the local address to bind the socket to if using the -b mode of operation. Can only be specified
       by IP address and not by domain name. Defaults to the INADDR_ANY address which normally means all local addresses.

       The -V flag makes identd display the version number and then exit.

       The -l flag tells identd to use the System logging daemon syslogd for logging purposes.

       The -o flag tells identd to not reveal the operating system type it is run on and to instead always return "OTHER".

       The -e flag tells identd to always return "UNKNOWN-ERROR" instead of the "NO-USER" or "INVALID-PORT" errors.

       The -c<charset> flags tells identd to add the optional (according to the IDENT protocol) character set designator to the  reply	generated.
       charset should be a valid character set as described in the MIME RFC in upper case characters.

       The  -C[<keyfile>]  option  tells  identd to return encrypted tokens instead of user names.  The local and remote IP addresses and TCP port
       numbers, the local user's uid number, a timestamp, a random number, and a checksum, are all encrypted using DES with a secret  key  derived
       from  the  first line of the keyfile (using des_string_to_key(3)).  The encrypted binary information is then encoded in a base64 string (32
       characters in length) and enclosed in square brackets to produce a token that is transmitted to the remote client.  The encrypted token can
       later  be decrypted by idecrypt(8).  There may not be a space between the -C and the name of the keyfile.  If the keyfile is not specified,
       it defaults to /etc/identd.key.

       The -n flag tells identd to always return user numbers instead of user names if you wish to keep the user names	a  secret.   The  -N  flag
       makes  identd  check  for a file ".noident" in each homedirectory for a user which the daemon is about to return the user name for. It that
       file exists then the daemon will give the error HIDDEN-USER instead of the normal USERID response.

       -m flag makes identd use a mode of operation that will allow multiple requests to be processed per session. Each request is  specified  one
       per  line  and  the responses will be returned one per line. The connection will not be closed until the connecting part closes it's end of
       the line.  PLEASE NOTE THAT THIS MODE VIOLATES THE PROTOCOL SPECIFICATION AS IT CURRENTLY STANDS.

       The -d flag enables some debugging code that normally should NOT be enabled since that breaks the protocol and may reveal information  that
       should not be available to outsiders.

       The -F<format> option makes identd use the specified format to display info. The allowed format specifiers are:
	    %u	 print user name
	    %U	 print user number
	    %g	 print (primary) group name
	    %G	 print (primary) group number
	    %l	 print list of all groups by name
	    %L	 print list of all groups by number
	    %p	 print process ID of running process
	    %c	 print command name
	    %C	 print command and arguments
       The  lists of groups (%l, %L) are comma-separated, and start with the primary group which is not repeated. The %p and the %c and %C formats
       are not supported on all architecture implementations (printing 0 or empty string instead).
       Any other characters (preceded by %, and those not preceded by it) are printed literally. The "default" format is %u, and  you  should  not
       use anything else without the -o flag.
       Not implemented yet, but on my wish-list are the following:
	    %w	 print working (current) directory
	    %h	 print home (login, naming) directory
	    %e	 print the environment

       kernelfile defaults to the normally running kernel file.

       kmemfile defaults to the memory space of the normally running kernel.

UNDOCUMENTED FLAGS

       The -v flag enables more verbose output or messages. (Further occurences of the -v flag make things even more verbose.) Currently not used:
       ignored.

       The -f<config-file> option causes identd to use the named config file (instead of the default /etc/identd.conf  ?).   Currently	not  used:
       ignored, no config files are used.

       The -r<indirect_host> option is used in some way (for proxy queries?).

       The -C<keyfile> option is used in some way for DES encryption.

INSTALLATION

       identd  is  invoked  either by the internet server (see inetd(8C) ) for requests to connect to the IDENT port as indicated by the /etc/ser-
       vices file (see services(5) ) when using the -w or -i modes of operation or started manually by using the -b mode of operation.

EXAMPLES

       Assuming the server is located in /usr/etc/in.identd one can put either:

       ident stream tcp wait sys /usr/etc/in.identd in.identd -w -t120

       or:

       ident stream tcp nowait sys /usr/etc/in.identd in.identd -i

       into the /etc/inetd.conf file. User "sys" should have enough rights to READ the kernel but NOT to write to it.

       To start it using the -b mode of operation one can put a line like this into the /etc/rc.local file:

       /usr/etc/in.identd -b -u2 -g2

       This will make it run in the background as user 2, group 2 (user "sys", group "kmem" on SunOS 4.1.1).

NOTES

       The username (or UID) returned ought to be the login name. However it (probably, for most architecture implementations) is the  "real  user
       ID"  as	stored	with the process; there is no provision for returning the "effective user ID". Thus the UID returned may be different from
       the login name for setuid programs (or those running as root) which done a setuid(3) call and their children. For example, it may (should?)
       be  wrong  for an incoming ftpd ; and we are probably interested in the running shell, not the telnetd for an incoming telnet session. (But
       of course identd returns info for outgoing connections, not incoming ones.)

       The group or list of groups returned (with the -F option) are as looked up in the /etc/passwd  and  /etc/group  files,  based  on  the  UID
       returned. Thus these may not relate well to the group(s) of the running process for setuid or setgid programs or their children.

       The command names returned with formats %c and %C may be different, use one or the other or both.

FILES

       /etc/identd.conf
	      This file is as yet un-used, but will eventually contain configuration options for identd

       /etc/identd.key
	      If compiled with -ldes this file can be used to specify a secret key for encrypting replies.

SEE ALSO

       authuser(3) , inetd.conf(5) , idecrypt(8)

BUGS

       The handling of fatal errors could be better.

								    27 May 1992 							 IDENTD(8)
All times are GMT -4. The time now is 09:38 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy