Home Man
Today's Posts

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

NetBSD 6.1.5 - man page for identd (netbsd section 8)

IDENTD(8)			   BSD System Manager's Manual				IDENTD(8)

     identd -- TCP/IP Ident protocol server

     identd [-46beIilNnr] [-a address] [-c charset] [-F format] [-f username] [-g uid]
	    [-L username] [-m filter] [-o osname] [-P address] [-p portno] [-t seconds] [-u uid]

     identd is a TCP/IP server which implements the user identification protocol as specified in
     RFC 1413.

     identd operates by looking up specific TCP/IP connections and returning information which
     may or may not be associated with the process owning the connection.

     The following options are available:

     -4 	   Bind to IPv4 addresses only (valid with flag -b).

     -6 	   Bind to IPv6 addresses only (valid with flag -b).

     -a address    Bind to the specified address.  This may be an IPv4 or IPv6 address or even a
		   hostname.  If a hostname is specified then identd will resolve it to an
		   address (or addresses) and will bind this address (valid with flag -b).

     -b 	   Run in the background (as daemon).

     -c charset    Specify an optional character set designator to be included in replies.
		   charset should be a valid charset set as described in the MIME RFC in upper
		   case characters.

     -e 	   Return ``UNKNOWN-ERROR'' instead of the usual ``NO-USER'' or ``INVALID-PORT''
		   error replies.

     -F format	   Specify the format to display info.	The allowed format specifiers are:

		   %u	   print user name
		   %U	   print user number
		   %g	   print (primary) group name
		   %G	   print (primary) group number
		   %l	   print list of all groups by name
		   %L	   print list of all groups by number

		   The lists of groups (%l, %L) are comma-separated, and start with the primary
		   group which is not repeated.  Any other characters (preceded by %, and those
		   not preceded by it) are printed literally.

     -f username   Specify a fall back username.  If the lookup fails then this username will be
		   returned.  This can be useful for when running this service on a NAT host and
		   not using the forward/proxy functionality.

     -g gid	   Specify the group id number or name which the server should switch to after
		   binding itself to the TCP/IP port.

     -I 	   Same as -i but without the restriction that the username in .ident must not
		   match an existing user.

     -i 	   If the .ident file exists in the home directory of the identified user, return
		   the username found in that file instead of the real username.  If the username
		   found in .ident is that of an existing user, then the real username will be

     -L username   Specify a ``lie'' username.	identd will return this name for all valid ident

     -l 	   Use syslogd(8) for logging purposes.

     -m filter	   Enables forwarding of ident queries.  The filter argument specifies which
		   packet filter should be used to lookup the connections, currently 'pf' and
		   'ipfilter' are supported packet filters.  Note that identd changes the ident
		   queries to use the local port on the NAT host instead of the local port on the
		   forwarding host.  This is needed because otherwise we can't do a lookup on the
		   proxy host.	On the proxy host, ``proxy mode'' should be enabled with the -P
		   flag or ``lying mode'' with the -L flag.

     -N 	   Enable .noident files.  If this file exists in the home directory of the iden-
		   tified user then return ``HIDDEN-USER'' instead of the normal USERID response.

     -n 	   Return numeric user IDs instead of usernames.

     -o osname	   Return osname instead of the default ``UNIX''.

     -P address    Specify a proxy server which will be used to receive proxied ident queries
		   from.  See also the -m flag how this operates.

     -p portno	   Specify an alternative port number under which the server should run.  The
		   default is port 113 (valid with flag -b).

     -r 	   Return a random name of alphanumeric characters.  If the -n flag is also
		   enabled then a random number will be returned.

     -t seconds    Specify a timeout for the service.  The default timeout is 30 seconds.

     -u uid	   Specify the user id number or name to which the server should switch after
		   binding itself to the TCP/IP port.


     identd operates from inetd(8) or as standalone daemon.  Put the following lines into
     inetd.conf(5) to enable identd as an IPv4 and IPv6 service via inetd:

     ident stream tcp nowait nobody /usr/libexec/identd identd -l

     ident stream tcp6 nowait nobody /usr/libexec/identd identd -l

     To run identd as standalone daemon, use the -b flag.

     inetd.conf(5), inetd(8)

     This implementation of identd is written by Peter Postma <peter@NetBSD.org>.

     Since identd should typically not be run as a privileged user or group, .ident files for use
     when running with the -I or -i flags will need to be world accessible.  The same applies for
     .noident files when running with the -N flag.

     When forwarding is enabled with the -m flag then identd will need access to either /etc/pf
     (pf) or /etc/ipnat (ipfilter).  Since it's not a good idea to run identd under root, you'll
     need to adjust group owner/permissions to the device(s) and run identd under that group.

BSD					  April 4, 2005 				      BSD

All times are GMT -4. The time now is 07:45 PM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
Show Password

Not a Forum Member?
Forgot Password?