NAME
identd — TCP/IP Ident protocol server
SYNOPSIS
identd [-46beIilNnr] [-a address] [-c charset] [-F format] [-f username]
       [-g uid] [-L username] [-m filter] [-o osname] [-P address]
       [-p portno] [-t seconds] [-u uid]
DESCRIPTION
identd is a TCP/IP server which implements the user
  identification protocol as specified in RFC 1413.
identd operates by looking up specific TCP/IP connections and
  returning information which may or may not be associated with the process
  owning the connection.
The following options are available:
-4
      Bind to IPv4 addresses only (valid with flag -b).
-6
      Bind to IPv6 addresses only (valid with flag -b).
-a address
      Bind to the specified address. This may be an IPv4 or IPv6 address
      or even a hostname. If a hostname is specified then identd will
      resolve it to an address (or addresses) and bind to it (valid with
      flag -b).
-b
      Run in the background (as daemon).
-c charset
      Specify an optional character set designator to be included in
      replies. charset should be a valid character set as described in
      the MIME RFC, in upper case characters.
-e
      Return “UNKNOWN-ERROR” instead of the usual “NO-USER” or
      “INVALID-PORT” error replies.
-F format
      Specify the format to display info. The allowed format specifiers
      are:
            %u    print user name
            %U    print user number
            %g    print (primary) group name
            %G    print (primary) group number
            %l    print list of all groups by name
            %L    print list of all groups by number
      The lists of groups (%l, %L) are comma-separated, and start with the
      primary group which is not repeated. Any other characters (preceded
      by %, and those not preceded by it) are printed literally.
-f username
      Specify a fallback username. If the lookup fails then this username
      will be returned. This can be useful when running this service on a
      NAT host without using the forward/proxy functionality.
-g gid
      Specify the group id number or name which the server should switch
      to after binding itself to the TCP/IP port.
-I
      Same as -i but without the restriction that the username in .ident
      must not match an existing user.
-i
      If the .ident file exists in the home directory of the identified
      user, return the username found in that file instead of the real
      username. If the username found in .ident is that of an existing
      user, then the real username will be returned.
-L username
      Specify a “lie” username. identd will return this name for all
      valid ident requests.
-l
      Use syslogd(8) for logging purposes.
-m filter
      Enables forwarding of ident queries. The filter argument specifies
      which packet filter should be used to look up the connections;
      currently ‘ipfilter’, ‘npf’, and ‘pf’ are supported packet filters.
      Note that identd changes the ident queries to use the local port on
      the NAT host instead of the local port on the forwarding host. This
      is needed because otherwise we can't do a lookup on the proxy host.
      On the proxy host, “proxy mode” should be enabled with the -P flag
      or “lying mode” with the -L flag.
-N
      Enable .noident files. If this file exists in the home directory of
      the identified user then return “HIDDEN-USER” instead of the normal
      USERID response.
-n
      Return numeric user IDs instead of usernames.
-o osname
      Return osname instead of the default “UNIX”.
-P address
      Specify a proxy server from which proxied ident queries will be
      received. See the -m flag for how this operates.
-p portno
      Specify an alternative port number under which the server should
      run. The default is port 113 (valid with flag -b).
-r
      Return a random name of alphanumeric characters. If the -n flag is
      also enabled then a random number will be returned.
-t seconds
      Specify a timeout for the service. The default timeout is 30
      seconds.
-u uid
      Specify the user id number or name to which the server should
      switch after binding itself to the TCP/IP port.
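Several of the options above (-c, -e, -N, -o) change fields of the RFC 1413 reply line, and -f, -i, -I, -L and -r make the returned name a value chosen by the operator or the user, so a client should parse replies strictly and treat the name as untrusted text. The Python sketch below is an added example, not part of identd or of this manual page; parse_reply, the length limits and the escaping policy are assumptions of the example.

```python
import re

# Error tokens named on this page (the usual replies plus -e and -N).
ERRORS = {"NO-USER", "INVALID-PORT", "UNKNOWN-ERROR", "HIDDEN-USER"}
MAX_LINE, MAX_USERID = 1000, 512      # assumed client-side limits
TOKEN = re.compile(r"[A-Za-z0-9._+-]{1,64}")


def _token(field: bytes) -> str:
    """Decode a header field and require a short ASCII token."""
    text = field.decode("ascii", "replace").strip()
    if not TOKEN.fullmatch(text):
        raise ValueError(f"bad token {text!r}")
    return text


def parse_reply(raw: bytes) -> dict:
    """Parse one reply line; raise ValueError on anything malformed."""
    if len(raw) > MAX_LINE or not raw.endswith(b"\r\n"):
        raise ValueError("reply too long or not CRLF-terminated")
    line = raw[:-2]
    if any(c in line for c in (b"\r", b"\n", b"\0")):
        raise ValueError("embedded CR, LF or NUL")
    parts = line.split(b":", 3)       # the user name may itself contain ':'
    if len(parts) < 3:
        raise ValueError("too few fields")
    ports = [p.strip() for p in parts[0].split(b",")]
    if len(ports) != 2 or not all(
            p.isdigit() and 0 < int(p) < 65536 for p in ports):
        raise ValueError("bad port pair")
    result = {"ports": (int(ports[0]), int(ports[1])),
              "type": _token(parts[1])}
    if result["type"] == "ERROR" and len(parts) == 3:
        result["error"] = _token(parts[2])
        result["known_error"] = result["error"] in ERRORS
    elif result["type"] == "USERID" and len(parts) == 4:
        opsys, _, charset = parts[2].partition(b",")
        result["osname"] = _token(opsys)          # "UNIX" unless -o is set
        # RFC 1413 default when no charset (-c) is sent.
        result["charset"] = _token(charset) if charset else "US-ASCII"
        userid = parts[3].strip()     # simplification: outer blanks dropped
        if not 0 < len(userid) <= MAX_USERID:
            raise ValueError("empty or oversized user id")
        # Escape backslash and every non-printable or non-ASCII byte so the
        # name cannot forge log lines or drive a terminal.
        result["userid"] = "".join(
            chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}"
            for b in userid)
    else:
        raise ValueError("unknown reply type or wrong field count")
    return result
```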
FILES
/etc/inetd.conf
EXAMPLES
identd operates from inetd(8) or as standalone daemon. Put the following
  lines into inetd.conf(5) to enable identd as an IPv4 and IPv6 service via
  inetd:
      ident stream tcp nowait nobody /usr/libexec/identd identd -l
      ident stream tcp6 nowait nobody /usr/libexec/identd identd -l
To run identd as standalone daemon, use the -b flag.
SEE ALSO
inetd.conf(5), inetd(8)
AUTHORS
This implementation of identd is written by Peter Postma ⟨peter@NetBSD.org⟩.
CAVEATS
Since identd should typically not be run as a privileged user or group,
  .ident files for use when running with the -I or -i flags will need to be
  world accessible. The same applies for .noident files when running with the
  -N flag.
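A permission check for the files this caveat describes, as an added example that is not part of identd: audit_ident_file is a hypothetical helper, and its policy (world-readable, not writable by group or others, owned by the owner of the home directory) is an assumption layered on the requirement stated above. The sample home directory in demo() is constructed.

```python
import os
import stat
import tempfile


def audit_ident_file(home, name=".ident"):
    """Return findings for home/name; an empty list means nothing to fix."""
    path = os.path.join(home, name)
    try:
        st = os.lstat(path)               # lstat: do not follow symlinks
    except FileNotFoundError:
        return []                         # no file, nothing to audit
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    findings = []
    if not st.st_mode & stat.S_IROTH:
        findings.append(f"{path}: not world-readable, an unprivileged "
                        "identd cannot read it")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: writable by group or others, another "
                        "user can change the reply")
    home_st = os.stat(home)
    if not home_st.st_mode & stat.S_IXOTH:
        findings.append(f"{home}: no search permission for others, the "
                        "file is unreachable")
    if st.st_uid != home_st.st_uid:
        findings.append(f"{path}: owner differs from owner of {home}")
    return findings


def demo():
    """Constructed sample: a throwaway home with .ident in three modes."""
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o755)
        path = os.path.join(home, ".ident")
        with open(path, "w") as fh:
            fh.write("alias\n")
        results = {}
        for mode in (0o666, 0o644, 0o600):
            os.chmod(path, mode)
            results[mode] = audit_ident_file(home)
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print(oct(mode), findings or "ok")
```

The same function can be pointed at .noident by passing name=".noident".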
When forwarding is enabled with the -m flag then identd will need access to
  either /dev/ipnat (ipfilter), /dev/pf (pf), or /dev/npf. Since it's not a
  good idea to run identd under root, you'll need to adjust the group
  owner/permissions of the device(s) and run identd under that group.