Identd

From ArchWiki
Jump to navigation Jump to search

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements. See Help:Style for reference.Tango-edit-clear.png

Reason: Unnecessary use of ordered lists; other style issues, see Help:Style. (Discuss in Talk:Identd#)

The Ident service as specified by RFC 1413 is mostly used by various IRC networks and the occasional old FTP server to ask a remote server which user is making a connection. This method is quite untrustworthy, as the remote host can simply choose to lie.

So you have two choices:

  1. Tell the truth (see #oidentd below)
  2. Tell a little white lie (see nullidentdmod or nullidentd below)

oidentd

See oidentd.

If all went well, you should have the auth service running on port 113. A good way of checking this is by installing nmap (if you do not have it already) and typing

$ nmap localhost

nullIdentdMod

Install the nullidentdmodAUR package.

Then enable and start nullidentdmod.socket.

Check if is working here[dead link 2020-03-29 ⓘ].

As is, nullidentdmod will return a random userid.

Customization

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements. See Help:Style for reference.Tango-edit-clear.png

Reason: Creating a drop-in file would be better. (Discuss in Talk:Identd#)

Create a replacement unit file for nullidentdmod@.service:

# systemctl edit --full nullidentdmod@.service

At line 6, write desired userid

[Unit]                                   
Description=NullidentdMod service        
                                         
[Service]                                
User=nobody                              
ExecStart=/usr/bin/nullidentdmod <userid>
StandardInput=socket                     
StandardOutput=socket                    
                                         
[Install]                                
WantedBy=multi-user.target               

Obviously where <userid> you put your custom userid.

Check if is working here[dead link 2020-03-29 ⓘ]

nullIdent

This Ident server is capable of only returning the same name for any query. With a quick change to a single line of code, it can be customized to return any name you can think. One use for such a simple service would be for IRC client connections to ensure a degree of privacy (remote IRC server and users do not know your username) as well as allowing a small degree of 'vanity plating' for use in IRC channels.

The original code suffered link rot, but may now be found on github, at this address https://github.com/dxtr/nullidentd.

systemd activation

Create /etc/systemd/system/identd@.service, Add the following:

/etc/systemd/system/identd@.service
[Unit]
Description=per connection null identd
 
[Service]
User=nobody
ExecStart=/usr/local/sbin/nullidentd
StandardInput=socket
StandardOutput=socket

Then create /etc/systemd/system/ident.socket, Add the following:

/etc/systemd/system/ident.socket
[Unit]
Description=socket for ident
 
[Socket]
ListenStream=113
Accept=yes
 
[Install]
WantedBy=sockets.target

Inform systemd of the new files:

# systemctl daemon-reload

Test that the socket is listening sucessfully:

$ systemctl status ident.socket

this should yield output similar to the below

ident.socket - socket for ident
   Loaded: loaded (/etc/systemd/system/ident.socket; enabled)
   Active: active (listening) since Fri 2014-01-24 02:30:53 WST; 30 seconds ago
   Listen: [::]:113 (Stream)
 Accepted: 0; Connected: 0

Jan 24 02:30:53 HOSTNAME systemd[1]: Listening on socket for ident.