Difference between revisions of "Identd Setup"

From ArchWiki
Jump to: navigation, search
(Removing NullIdent)
(replace pidentd (no package available) by oidentd)
 
(23 intermediate revisions by 12 users not shown)
Line 1: Line 1:
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
{{Style|Unnecessary use of ordered lists; other style issues, see [[Help:Style]].}}
 +
 
The Ident service as specified by RFC 1413 is mostly used by various IRC networks and the occasional old FTP server to ask a remote server which user is making a connection.
 
The Ident service as specified by RFC 1413 is mostly used by various IRC networks and the occasional old FTP server to ask a remote server which user is making a connection.
Any person with two brain cells to rub together should spot that this quite untrustworthy as the remote host can simply choose to lie.
+
This method is quite untrustworthy, as the remote host can simply choose to lie.
  
 
So you have two choices:
 
So you have two choices:
# Tell the truth (see pidentd below)
+
# Tell the truth (see [[#oidentd]] below)
# Tell a little white lie (see nullident below)
+
# Tell a little white lie (see nullidentmod or nullidentd below)
 +
 
 +
== oidentd ==
 +
 
 +
See [[oidentd]].
 +
 
 +
If all went well, you should have the auth service running on port 113.  A good way of checking this is by installing {{Pkg|nmap}}  (if you do not have it already) and typing
 +
$ nmap localhost
 +
 
 +
==nullIdentdMod==
 +
 
 +
'''1.''' [[Install]] the {{AUR|nullidentdmod-git}} package.
 +
 
 +
'''2.''' [[Enable]] {{ic|nullidentdmod.socket}} on systemd.
 +
 
 +
'''3.''' [[Start]] {{ic|nullidentdmod.socket}} on systemd.
 +
 
 +
'''4.''' Check if is working [http://acidhub.click/NullidentdMod/ here].
 +
 
 +
As is nullidentdmod will return a random userid.
 +
 
 +
===Customization===
 +
'''1.''' Copy the unit for customization
 +
# cp /usr/lib/systemd/system/nullidentdmod@.service /etc/systemd/system/
 +
'''2.''' [[Edit]] {{ic|/etc/systemd/system/nullidentdmod@.service}} At line 6, write desired userid
 +
[Unit]                                 
 +
Description=NullidentdMod service       
 +
                                         
 +
[Service]                               
 +
User=nobody                             
 +
ExecStart=/usr/bin/nullidentdmod '''<userid>'''
 +
StandardInput=socket                   
 +
StandardOutput=socket                   
 +
                                         
 +
[Install]                               
 +
WantedBy=multi-user.target             
 +
 
 +
Obviously where <userid> you put your custom userid.
 +
 
 +
'''4.''' Check if is working [http://acidhub.click/NullidentdMod/ here]
 +
 
 +
==nullIdent==
 +
 
 +
This Ident server is capable of only returning the same name for any query. With a quick change to a single line of code, it can be customized to return any name you can think.
 +
One use for such a simple service would be for IRC client connections to ensure a degree of privacy (remote IRC server and users do not know your username) as well as allowing a small degree of 'vanity plating' for use in IRC channels.
 +
 
 +
The original code suffered link rot, but may now be found on github, at this address https://github.com/dxtr/nullidentd.
 +
 
 +
'''1.'''  clone the source to a directory of your choice using git.
 +
<nowiki>git clone https://github.com/dxtr/nullidentd</nowiki>
 +
 
 +
'''2.'''  Edit line 86 of nullidentd.c to your liking.
 +
use any text editor of your choice
 +
 
 +
example:
 +
nano nullidentd.c
 +
 
 +
'''3.''' Compile the binary.
 +
make
 +
 
 +
'''4.''' Install Binary
 +
You can move it to any location of your choice of course, but the FileSystem Hierarchy states the nullidentd binary should live in {{ic|/usr/local/sbin}}
 +
# mv nullidentd /usr/local/sbin
  
== pIdentd ==
+
===systemd activation===
Like most people, I prefer to run identd from from inetd instead of as a stand-alone service.  For this to work you will need to install two packages: xinetd and pidentd.  I tried this with oidentd but it does not seem to work with the latest xinetd.
+
Below are two files you need to create under {{ic|/etc/systemd/system/}}
  
1. Install needed software
+
'''1.''' identd@.service
  
{{bc|# pacman -S xinetd pidentd}}
+
[Unit]
 +
Description=per connection null identd
 +
 +
[Service]
 +
User=nobody
 +
ExecStart=/usr/local/sbin/nullidentd
 +
StandardInput=socket
 +
StandardOutput=socket
  
2. Next, you will need to paste the following into a new file and save it as {{ic|/etc/xinetd.d/auth}}
+
'''2.''' ident.socket
  
  service auth
+
  [Unit]
  {
+
  Description=socket for ident
      flags = REUSE
+
      socket_type = stream
+
[Socket]
      wait = no
+
ListenStream=113
      user = nobody
+
Accept=yes
      server = /usr/sbin/identd
+
      server_args = -m -N
+
[Install]
      log''on''failure += USERID
+
  WantedBy=sockets.target
      disable = no
+
  }
+
  
3. After you have saved the new file, run xinetd with the following command
+
'''3.''' inform SystemD  of the new files
 +
# systemctl daemon-reload
  
{{bc|# /etc/rc.d/xinetd start}}
+
'''4.''' Test that the socket is listening sucessfully
 +
$ systemctl status ident.socket
  
If all went well, you should have the auth service running on port 113.  A good way of checking this is by installing nmap (if you do not have it already) and typing
+
this should yield output similar to the below
{{bc|$ nmap localhost}}
+
  ident.socket - socket for ident
 +
    Loaded: loaded (/etc/systemd/system/ident.socket; enabled)
 +
    Active: active (listening) since Fri 2014-01-24 02:30:53 WST; 30 seconds ago
 +
    Listen: [::]:113 (Stream)
 +
  Accepted: 0; Connected: 0
 +
 +
Jan 24 02:30:53 HOSTNAME systemd[1]: Listening on socket for ident.

Latest revision as of 07:51, 20 October 2016

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements.Tango-edit-clear.png

Reason: Unnecessary use of ordered lists; other style issues, see Help:Style. (Discuss in Talk:Identd Setup#)

The Ident service as specified by RFC 1413 is mostly used by various IRC networks and the occasional old FTP server to ask a remote server which user is making a connection. This method is quite untrustworthy, as the remote host can simply choose to lie.

So you have two choices:

  1. Tell the truth (see #oidentd below)
  2. Tell a little white lie (see nullidentmod or nullidentd below)

oidentd

See oidentd.

If all went well, you should have the auth service running on port 113. A good way of checking this is by installing nmap (if you do not have it already) and typing

$ nmap localhost

nullIdentdMod

1. Install the nullidentdmod-gitAUR package.

2. Enable nullidentdmod.socket on systemd.

3. Start nullidentdmod.socket on systemd.

4. Check if is working here.

As is nullidentdmod will return a random userid.

Customization

1. Copy the unit for customization

# cp /usr/lib/systemd/system/nullidentdmod@.service /etc/systemd/system/

2. Edit /etc/systemd/system/nullidentdmod@.service At line 6, write desired userid

[Unit]                                   
Description=NullidentdMod service        
                                         
[Service]                                
User=nobody                              
ExecStart=/usr/bin/nullidentdmod <userid>
StandardInput=socket                     
StandardOutput=socket                    
                                         
[Install]                                
WantedBy=multi-user.target               

Obviously where <userid> you put your custom userid.

4. Check if is working here

nullIdent

This Ident server is capable of only returning the same name for any query. With a quick change to a single line of code, it can be customized to return any name you can think. One use for such a simple service would be for IRC client connections to ensure a degree of privacy (remote IRC server and users do not know your username) as well as allowing a small degree of 'vanity plating' for use in IRC channels.

The original code suffered link rot, but may now be found on github, at this address https://github.com/dxtr/nullidentd.

1. clone the source to a directory of your choice using git.

git clone https://github.com/dxtr/nullidentd

2. Edit line 86 of nullidentd.c to your liking. use any text editor of your choice

example:

nano nullidentd.c

3. Compile the binary.

make

4. Install Binary You can move it to any location of your choice of course, but the FileSystem Hierarchy states the nullidentd binary should live in /usr/local/sbin

# mv nullidentd /usr/local/sbin

systemd activation

Below are two files you need to create under /etc/systemd/system/

1. identd@.service

[Unit]
Description=per connection null identd

[Service]
User=nobody
ExecStart=/usr/local/sbin/nullidentd
StandardInput=socket
StandardOutput=socket

2. ident.socket

[Unit]
Description=socket for ident

[Socket]
ListenStream=113
Accept=yes

[Install]
WantedBy=sockets.target

3. inform SystemD of the new files

# systemctl daemon-reload

4. Test that the socket is listening sucessfully

$ systemctl status ident.socket

this should yield output similar to the below

ident.socket - socket for ident
   Loaded: loaded (/etc/systemd/system/ident.socket; enabled)
   Active: active (listening) since Fri 2014-01-24 02:30:53 WST; 30 seconds ago
   Listen: [::]:113 (Stream)
 Accepted: 0; Connected: 0

Jan 24 02:30:53 HOSTNAME systemd[1]: Listening on socket for ident.