# This is part 09 of a multipart archive.
for dir in $PATH
if test "$gettext_dir" = FAILED && test -f $dir/gettext \
&& ($dir/gettext --version >/dev/null 2>&1)
set `$dir/gettext --version 2>&1`
if test "$3" = GNU
if test "$locale_dir" = FAILED && test -f $dir/shar \
&& ($dir/shar --print-text-domain-dir >/dev/null 2>&1)
if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
touch -am 1231235999 $$.touch >/dev/null 2>&1
if test ! -f 1231235999 && test -f $$.touch; then
$echo 'WARNING: not restoring timestamps. Consider getting and'
$echo "installing GNU \`touch', distributed in GNU File Utilities..."
rm -f 1231235999 $$.touch
if mkdir _sh08724; then
$echo 'x -' 'creating lock directory'
$echo 'failed to create lock directory'
# ============= pidentd-2.7/identd.8 ==============
if test ! -d 'pidentd-2.7'; then
$echo 'x -' 'creating directory' 'pidentd-2.7'
if test -f 'pidentd-2.7/identd.8' && test "$first_param" != -c; then
$echo 'x -' SKIPPING 'pidentd-2.7/identd.8' '(file already exists)'
$echo 'x -' extracting 'pidentd-2.7/identd.8' '(text)'
sed 's/^X//' << 'SHAR_EOF' > 'pidentd-2.7/identd.8' &&
X.\" @(#)identd.8 1.9 92/02/11 Lysator
X.\" Copyright (c) 1992 Peter Eriksson, Lysator, Linkoping University.
X.\" This software has been released into the public domain.
X.TH IDENTD 8 "27 May 1992"
identd, in.identd \- TCP/IP IDENT protocol server
X.RB [ \-i | \-w | \-b ]
X.RB [ \-t<seconds> ]
X.RB [ \-u<uid> ]
X.RB [ \-g<gid> ]
X.RB [ \-p<port> ]
X.RB [ \-a<address> ]
X.RB [ \-c<charset> ]
X.RB [ \-C [ <keyfile> ]]
X.RB [ \-o ]
X.RB [ \-e ]
X.RB [ \-l ]
X.RB [ \-V ]
X.RB [ \-m ]
X.RB [ \-N ]
X.RB [ \-d ]
X.RB [ \-F<format> ]
X.RB [ "kernelfile" [ "kmemfile" ] ]
X.IX "identd daemon" "" \fLidentd\fP daemon"
is a server which implements the
user identification protocol as specified in the
X.SM RFC\s0 1413
operates by looking up specific
connections and returning the user name of the
process owning the connection. It can optionally
return other information instead of a user name.
flag, which is the default mode, should be used when starting the
with the "nowait" option in the
file. Use of this mode will make
daemon for each connection request.
flag should be used when starting the daemon from
with the "wait" option in the
file . This is the prefered mode of
operation since that will start a copy of
at the first connection request and then
will handle subsequent requests
without having to do the nlist lookup in the kernel file for
every request as in the
mode above. The
daemon will run either forever, until a bug
makes it crash or a timeout, as specified by the
flag can be used to make the daemon run in standalone mode without
the assistance from
This mode is the least prefered mode since
a bug or any other fatal condition in the server will make it terminate
and it will then have to be restarted manually. Other than that it has the
same advantage as the
mode in that it parses the nlist only once.
option is used to specify the timeout limit. This is the number
of seconds a server started with the
flag will wait for new connections before terminating. The server is
automatically restarted by
whenever a new connection is requested
if it has terminated. A suitable value for this is 120 (2 minutes), if
used. It defaults to no timeout (i.e. will wait forever, or until a
fatal condition occurs in the server).
option is used to specify a user id number which the
switch to after binding itself to the
port if using the
mode of operation.
option is used to specify a group id number which the
switch to after binding itself to the
port if using the
mode of operation.
option is used to specify an alternative port number to bind to if using
mode of operation. It can be specified by name or by number. Defaults to the
option is used to specify the local address to bind the socket to if using
mode of operation. Can only be specified by IP address and not by domain
name. Defaults to the
address which normally means all local addresses.
display the version number and then exit.
to use the System logging daemon
for logging purposes.
to not reveal the operating system type it is run on and to instead
always return "OTHER".
to always return "UNKNOWN-ERROR" instead of the "NO-USER" or
to add the optional (according to the IDENT protocol) character set
designator to the reply generated.
should be a valid character set as described in the MIME RFC in upper
X.BR \-C [ <keyfile> ]
to return encrypted tokens instead of user names.
The local and remote IP
addresses and TCP port numbers, the local user's uid number, a timestamp,
a random number, and a checksum, are all encrypted using DES
with a secret key derived from the first line of the
X.BR des_string_to_key (3)).
The encrypted binary information is then encoded in a base64 string
(32 characters in length) and enclosed in square brackets to produce
a token that is transmitted to the remote client.
The encrypted token can later be decrypted by
X.BR idecrypt (8).
There may not be a space between the
and the name of the
X.IR keyfile .
is not specified, it defaults to
X.BR /etc/identd.key .
to always return user numbers instead of user names if you wish to
keep the user names a secret.
check for a file ".noident" in each homedirectory for a user which the
daemon is about to return the user name for. It that file exists then the
daemon will give the error
instead of the normal USERID response.
use a mode of operation that will allow multiple requests to be
processed per session. Each request is specified one per line and
the responses will be returned one per line. The connection will not
be closed until the connecting part closes it's end of the line.
PLEASE NOTE THAT THIS MODE VIOLATES THE PROTOCOL SPECIFICATION AS
IT CURRENTLY STANDS.
flag enables some debugging code that normally should NOT
be enabled since that breaks the protocol and may reveal information
that should not be available to outsiders.
use the specified format to display info. The allowed format specifiers are:
%u print user name
%U print user number
%g print (primary) group name
%G print (primary) group number
%l print list of all groups by name
%L print list of all groups by number
%p print process ID of running process
%c print command name
%C print command and arguments
The lists of groups (%l, %L) are comma-separated, and start with the primary
group which is not repeated. The %p and the %c and %C formats are not
supported on all architecture implementations (printing 0 or empty string
Any other characters (preceded by %, and those not preceded by it) are
printed literally. The "default" format is %u, and you should not use
anything else without the
Not implemented yet, but on my wish-list are the following:
%w print working (current) directory
%h print home (login, naming) directory
%e print the environment
defaults to the normally running kernel file.
defaults to the memory space of the normally running kernel.
X.SH UNDOCUMENTED FLAGS
flag enables more verbose output or messages. (Further occurences of the
flag make things even more verbose.) Currently not used: ignored.
to use the named config file (instead of the default /etc/identd.conf ?).
Currently not used: ignored, no config files are used.
option is used in some way (for proxy queries?).
option is used in some way for DES encryption.
is invoked either by the internet server (see
X.BR inetd (8C)
) for requests to connect to the
port as indicated by the
X.BR services (5)
) when using the
modes of operation or started manually by using the
mode of operation.
Assuming the server is located in
one can put either:
ident stream tcp wait sys /usr/etc/in.identd in.identd -w -t120
ident stream tcp nowait sys /usr/etc/in.identd in.identd -i
file. User "sys" should have enough rights to READ the kernel
but NOT to write to it.
To start it using the
mode of operation one can put a line like this into the
/usr/etc/in.identd -b -u2 -g2
This will make it run in the background as user 2, group 2 (user "sys",
group "kmem" on SunOS 4.1.1).
The username (or UID) returned ought to be the login name. However it
(probably, for most architecture implementations) is the "real user ID" as
stored with the process; there is no provision for returning the "effective
user ID". Thus the UID returned may be different from the login name for
setuid programs (or those running as root) which done a
X.BR setuid (3)
call and their children. For example, it may (should?) be wrong for an
; and we are probably interested in the running shell, not the
for an incoming telnet session. (But of course
returns info for outgoing connections, not incoming ones.)
The group or list of groups returned (with the
option) are as looked up in the
files, based on the UID returned. Thus these may not relate well to the
group(s) of the running process for setuid or setgid programs or their
The command names returned with formats %c and %C may be different, use
one or the other or both.
This file is as yet un-used, but will eventually contain configuration
If compiled with
this file can be used to specify a secret key for encrypting replies.
X.SH "SEE ALSO"
X.BR authuser (3)
X.BR inetd.conf (5)
X.BR idecrypt (8)
The handling of fatal errors could be better.
$shar_touch -am 0811230996 'pidentd-2.7/identd.8' &&
chmod 0644 'pidentd-2.7/identd.8' ||
$echo 'restore of' 'pidentd-2.7/identd.8' 'failed'
if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
&& ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
md5sum -c << SHAR_EOF >/dev/null 2>&1 \
|| $echo 'pidentd-2.7/identd.8:' 'MD5 check failed'
shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'pidentd-2.7/identd.8'`"
test 9931 -eq "$shar_count" ||
$echo 'pidentd-2.7/identd.8:' 'original size' '9931,' 'current size' "$shar_count!"
rm -fr _sh08724