[apple/network_cmds.git] / identd.tproj / identd.8

.\" @(#)identd.8 1.9 92/02/11 Lysator
.\" Copyright (c) 1992 Peter Eriksson, Lysator, Linkoping University.
.\" This software has been released into the public domain.
.\"
.\"	$Id: identd.8,v 1.2 2002/03/29 01:34:27 bbraun Exp $
.\"
.TH IDENTD 8 "27 May 1992"
.SH NAME
identd \- TCP/IP IDENT protocol server
.SH SYNOPSIS
.B identd
.RB [ \-i | \-w | \-b ]
.RB [ \-t<seconds> ]
.RB [ \-u<uid> ]
.RB [ \-g<gid> ]
.RB [ \-p<port> ]
.RB [ \-a<address> ]
.RB [ \-c<charset> ]
.RB [ \-n ]
.RB [ \-o ]
.RB [ \-e ]
.RB [ \-l ]
.RB [ \-V ]
.RB [ \-v ]
.RB [ \-m ]
.RB [ \-N ]
.RB [ \-d ]
.RB [ kernelfile [ kmemfile ] ]
.SH DESCRIPTION
.IX "identd daemon" "" \fLidentd\fP daemon"
.B identd
is a server which implements the
.SM TCP/IP
proposed standard
.SM IDENT
user identification protocol as specified in the
.SM RFC\s0 1413
document.
.PP
.B identd
operates by looking up specific
.SM TCP/IP
connections and returning the user name of the
process owning the connection.
.SH ARGUMENTS
The
.B -i
flag, which is the default mode, should be used when starting the
daemon from
.B inetd
with the "nowait" option in the
.B /etc/inetd.conf
file. Use of this mode will make
.B inetd
start one
.B identd
daemon for each connection request.
.PP
The
.B -w
flag should be used when starting the daemon from
.B inetd
with the "wait" option in the
.B /etc/inetd.conf
file . This is the preferred mode of
operation since that will start a copy of
.B identd
at the first connection request and then
.B identd
will handle subsequent requests
without having to do the nlist lookup in the kernel file for
every request as in the
.B -i
mode above. The
.B identd
daemon will run either forever, until a bug
makes it crash or a timeout, as specified by the
.B -t
flag, occurs.
.PP
The
.B -b
flag can be used to make the daemon run in standalone mode without
the assistance from
.B inetd.
This mode is the least preferred mode since
a bug or any other fatal condition in the server will make it terminate
and it will then have to be restarted manually. Other than that is has the
same advantage as the
.B -w
mode in that it parses the nlist only once.
.PP
The
.B -t<seconds>
option is used to specify the timeout limit. This is the number
of seconds a server started with the
.B -w
flag will wait for new connections before terminating. The server is
automatically restarted by
.B inetd
whenever a new connection is requested
if it has terminated. A suitable value for this is 120 (2 minutes), if
used. It defaults to no timeout (ie, will wait forever, or until a
fatal condition occurs in the server).
.PP
The
.B -u<uid>
option is used to specify a user id number which the
.B ident
server should
switch to after binding itself to the
.SM TCP/IP
port if using the
.B -b
mode of operation.
.PP
The
.B -g<gid>
option is used to specify a group id number which the
.B ident
server should
switch to after binding itself to the
.SM TCP/IP
port if using the
.B -b
mode of operation.
.PP
The
.B -p<port>
option is used to specify an alternative port number to bind to if using
the
.B -b
mode of operation. It can be specified by name or by number. Defaults to the
.SM IDENT
port (113).
.PP
The
.B -a<address>
option is used to specify the local address to bind the socket to if using
the
.B -b
mode of operation. Can only be specified by IP address and not by domain
name. Defaults to the 
.SM INADDR_ANY
address which normally means all local addresses.
.PP
The 
.B -V
flag makes
.B identd
display the version number and the exit.
.PP
The
.B -l
flag tells
.B identd
to use the System logging daemon
.B syslogd
for logging purposes.
.PP
The 
.B -v
flag causes
.B identd
to log every request made, if the use of
.B syslogd
is enabled.
.PP
The
.B -o
flag tells
.B identd
to not reveal the operating system type it is run on and to instead
always return "OTHER".
.PP
The
.B -e
flag tells
.B identd
to always return "UNKNOWN-ERROR" instead of the "NO-USER" or
"INVALID-PORT" errors.
.PP
The
.B -c<charset>
flags tells
.B identd
to add the optional (according to the IDENT protocol) character set
designator to the reply generated. <charset> should be a valid character
set as described in the MIME RFC in upper case characters.
.PP
The
.B -n
flags tells
.B identd
to always return user numbers instead of user names if you wish to
keep the user names a secret.
.PP
The
.B -N
flag makes
.B identd
check for a file ".noident" in each homedirectory for a user which the
daemon is about to return the user name for. It that file exists then the
daemon will give the error
.B HIDDEN-USER
instead of the normal USERID response. 
.PP
.B -m
flag makes
.B identd
use a mode of operation that will allow multiple requests to be
processed per session. Each request is specified one per line and
the responses will be returned one per line. The connection will not
be closed until the connecting part closes it's end of the line.
PLEASE NOTE THAT THIS MODE VIOLATES THE PROTOCOL SPECIFICATION AS
IT CURRENTLY STANDS.
.PP
The
.B -d
flag enables some debugging code that normally should NOT
be enabled since that breaks the protocol and may reveal information
that should not be available to outsiders.
.PP
.B kernelfile
defaults to the normally running kernel file.
.PP
.B kmemfile
defaults to the memory space of the normally running kernel.
.SH SEE ALSO
.BR inetd.conf (5)
.SH BUGS
The handling of fatal errors could be better.
.PP
If the
.B -N
flag is specified and a user's ".noident" file is not accessible,
then ident information regarding that user will be returned
if requested.
Commit	Line	Data
b7080c8e A	1	.\" @(#)identd.8 1.9 92/02/11 Lysator
	2	.\" Copyright (c) 1992 Peter Eriksson, Lysator, Linkoping University.
	3	.\" This software has been released into the public domain.
	4	.\"
7ba0088d	5	.\" $Id: identd.8,v 1.2 2002/03/29 01:34:27 bbraun Exp $
b7080c8e A	6	.\"
	7	.TH IDENTD 8 "27 May 1992"
	8	.SH NAME
	9	identd \- TCP/IP IDENT protocol server
	10	.SH SYNOPSIS
	11	.B identd
	12	.RB [ \-i \| \-w \| \-b ]
	13	.RB [ \-t<seconds> ]
	14	.RB [ \-u<uid> ]
	15	.RB [ \-g<gid> ]
	16	.RB [ \-p<port> ]
	17	.RB [ \-a<address> ]
	18	.RB [ \-c<charset> ]
	19	.RB [ \-n ]
	20	.RB [ \-o ]
	21	.RB [ \-e ]
	22	.RB [ \-l ]
	23	.RB [ \-V ]
	24	.RB [ \-v ]
	25	.RB [ \-m ]
	26	.RB [ \-N ]
	27	.RB [ \-d ]
	28	.RB [ kernelfile [ kmemfile ] ]
	29	.SH DESCRIPTION
	30	.IX "identd daemon" "" \fLidentd\fP daemon"
	31	.B identd
	32	is a server which implements the
	33	.SM TCP/IP
	34	proposed standard
	35	.SM IDENT
	36	user identification protocol as specified in the
	37	.SM RFC\s0 1413
	38	document.
	39	.PP
	40	.B identd
	41	operates by looking up specific
	42	.SM TCP/IP
	43	connections and returning the user name of the
	44	process owning the connection.
	45	.SH ARGUMENTS
	46	The
	47	.B -i
	48	flag, which is the default mode, should be used when starting the
	49	daemon from
	50	.B inetd
	51	with the "nowait" option in the
	52	.B /etc/inetd.conf
	53	file. Use of this mode will make
	54	.B inetd
	55	start one
	56	.B identd
	57	daemon for each connection request.
	58	.PP
	59	The
	60	.B -w
	61	flag should be used when starting the daemon from
	62	.B inetd
	63	with the "wait" option in the
	64	.B /etc/inetd.conf
7ba0088d	65	file . This is the preferred mode of
b7080c8e A	66	operation since that will start a copy of
	67	.B identd
	68	at the first connection request and then
	69	.B identd
	70	will handle subsequent requests
	71	without having to do the nlist lookup in the kernel file for
	72	every request as in the
	73	.B -i
	74	mode above. The
	75	.B identd
	76	daemon will run either forever, until a bug
	77	makes it crash or a timeout, as specified by the
	78	.B -t
	79	flag, occurs.
	80	.PP
	81	The
	82	.B -b
	83	flag can be used to make the daemon run in standalone mode without
	84	the assistance from
	85	.B inetd.
7ba0088d	86	This mode is the least preferred mode since
b7080c8e A	87	a bug or any other fatal condition in the server will make it terminate
	88	and it will then have to be restarted manually. Other than that is has the
	89	same advantage as the
	90	.B -w
	91	mode in that it parses the nlist only once.
	92	.PP
	93	The
	94	.B -t<seconds>
	95	option is used to specify the timeout limit. This is the number
	96	of seconds a server started with the
	97	.B -w
	98	flag will wait for new connections before terminating. The server is
	99	automatically restarted by
	100	.B inetd
	101	whenever a new connection is requested
	102	if it has terminated. A suitable value for this is 120 (2 minutes), if
	103	used. It defaults to no timeout (ie, will wait forever, or until a
	104	fatal condition occurs in the server).
	105	.PP
	106	The
	107	.B -u<uid>
	108	option is used to specify a user id number which the
	109	.B ident
	110	server should
	111	switch to after binding itself to the
	112	.SM TCP/IP
	113	port if using the
	114	.B -b
	115	mode of operation.
	116	.PP
	117	The
	118	.B -g<gid>
	119	option is used to specify a group id number which the
	120	.B ident
	121	server should
	122	switch to after binding itself to the
	123	.SM TCP/IP
	124	port if using the
	125	.B -b
	126	mode of operation.
	127	.PP
	128	The
	129	.B -p<port>
	130	option is used to specify an alternative port number to bind to if using
	131	the
	132	.B -b
	133	mode of operation. It can be specified by name or by number. Defaults to the
	134	.SM IDENT
	135	port (113).
	136	.PP
	137	The
	138	.B -a<address>
	139	option is used to specify the local address to bind the socket to if using
	140	the
	141	.B -b
	142	mode of operation. Can only be specified by IP address and not by domain
	143	name. Defaults to the
	144	.SM INADDR_ANY
	145	address which normally means all local addresses.
	146	.PP
	147	The
	148	.B -V
	149	flag makes
	150	.B identd
151	display the version number and the exit.
152	.PP
153	The
154	.B -l
155	flag tells
156	.B identd
157	to use the System logging daemon
158	.B syslogd
159	for logging purposes.
160	.PP
161	The
162	.B -v
163	flag causes
164	.B identd
165	to log every request made, if the use of
166	.B syslogd
167	is enabled.
168	.PP
169	The
170	.B -o
171	flag tells
172	.B identd
173	to not reveal the operating system type it is run on and to instead
174	always return "OTHER".
175	.PP
176	The
177	.B -e
178	flag tells
179	.B identd
180	to always return "UNKNOWN-ERROR" instead of the "NO-USER" or
181	"INVALID-PORT" errors.
182	.PP
183	The
184	.B -c<charset>
185	flags tells
186	.B identd
187	to add the optional (according to the IDENT protocol) character set
188	designator to the reply generated. <charset> should be a valid character
189	set as described in the MIME RFC in upper case characters.
190	.PP
191	The
192	.B -n
193	flags tells
194	.B identd
195	to always return user numbers instead of user names if you wish to
196	keep the user names a secret.
197	.PP
198	The
199	.B -N
200	flag makes
201	.B identd
202	check for a file ".noident" in each homedirectory for a user which the
203	daemon is about to return the user name for. It that file exists then the
204	daemon will give the error
205	.B HIDDEN-USER
206	instead of the normal USERID response.
207	.PP
208	.B -m
209	flag makes
210	.B identd
211	use a mode of operation that will allow multiple requests to be
212	processed per session. Each request is specified one per line and
213	the responses will be returned one per line. The connection will not
214	be closed until the connecting part closes it's end of the line.
215	PLEASE NOTE THAT THIS MODE VIOLATES THE PROTOCOL SPECIFICATION AS
216	IT CURRENTLY STANDS.
217	.PP
218	The
219	.B -d
220	flag enables some debugging code that normally should NOT
221	be enabled since that breaks the protocol and may reveal information
222	that should not be available to outsiders.
223	.PP
224	.B kernelfile
225	defaults to the normally running kernel file.
226	.PP
227	.B kmemfile
228	defaults to the memory space of the normally running kernel.
229	.SH SEE ALSO
230	.BR inetd.conf (5)
231	.SH BUGS
232	The handling of fatal errors could be better.
233	.PP
234	If the
235	.B -N
236	flag is specified and a user's ".noident" file is not accessible,
237	then ident information regarding that user will be returned
238	if requested.