Difference between revisions of "Identd Setup"

From ArchWiki
(Removing NullIdent)
Line 34: Line 34:
 
If all went well, you should have the auth service running on port 113.  A good way of checking this is by installing nmap  (if you do not have it already) and typing
 
If all went well, you should have the auth service running on port 113.  A good way of checking this is by installing nmap  (if you do not have it already) and typing
 
{{bc|$ nmap localhost}}
 
{{bc|$ nmap localhost}}
 
== NullIdent ==
 
If all you are using ident for is IRC then you might as well try using nullident. Rather than return a truthful (and considered by some to be insecure) response, this ident server just returns the same response over and over, meaning a simple edit on line 86 and instant vanity plates for IRC!
 
 
To begin with, grab and unpack the source in your favorite source holding direction (I have a srcs folder in my $HOME)
 
 
$ mkdir nullident && cd nullident
 
$ wget http://www.tildeslash.org/nullidentd/nullidentd-1.0.tar.gz{{Linkrot|2011|09|04}}
 
$ tar -xvzf nullidentd-1.0.tar.gz
 
 
Then the normal make and sudo make install.
 
 
$ make
 
...
 
$ sudo make install
 
 
The binary is now located under {{ic|/usr/local/sbin}} as {{ic|nullidentd}}.
 
 
Next we need to tell xinetd to listen on 113/tcp and feed nullident any packets it receives.
 
I found this file, saved as {{ic|/etc/xinetd.d/ident}} worked for me.
 
 
service ident
 
{
 
      flags = REUSE
 
      socket_type = stream
 
      wait = no
 
      user = nobody
 
      server = /usr/local/sbin/nullidentd
 
      log''on''failure += USERID
 
      disable = no
 
}
 
 
Finally you will need to restart xinetd as above. Home DSL/cable users may need to setup some port forwardings (see http://www.portforward.com/ ) for external hosts to reach the ident port on your host.
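Review bot: Removing the whole NullIdent section here leaves a dangling reference in the introduction, whose second choice still reads "Tell a little white lie (see nullident below)". Drop or reword that list item in the same edit so the two choices match what the page actually documents. The summary "(Removing NullIdent)" also gives no reason; if the motivation is the download URL already flagged with Linkrot|2011|09|04, say so in the summary so later editors do not restore the section.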
 

Revision as of 13:55, 26 September 2012

The Ident service as specified by RFC 1413 is mostly used by various IRC networks and the occasional old FTP server to ask a remote server which user is making a connection. Any person with two brain cells to rub together should spot that this is quite untrustworthy, as the remote host can simply choose to lie.

So you have two choices:

  1. Tell the truth (see pidentd below)
  2. Tell a little white lie (see nullident below)

pIdentd

Like most people, I prefer to run identd from inetd instead of as a stand-alone service. For this to work you will need to install two packages: xinetd and pidentd. I tried this with oidentd but it does not seem to work with the latest xinetd.

1. Install needed software

# pacman -S xinetd pidentd

2. Next, you will need to paste the following into a new file and save it as /etc/xinetd.d/auth

service auth
{
      flags = REUSE
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/sbin/identd
      server_args = -m -N
      log_on_failure += USERID
      disable = no
}

3. After you have saved the new file, run xinetd with the following command

# /etc/rc.d/xinetd start

If all went well, you should have the auth service running on port 113. A good way of checking this is by installing nmap (if you do not have it already) and typing

$ nmap localhost
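
nmap only shows that port 113 is open. As an added example (not part of the wiki page), the following Python sketch sends an actual RFC 1413 query and parses the reply, which also shows that the user id is whatever string the answering host chooses to send. The function names and the sample reply lines are constructed for illustration.

```python
import socket

ERROR_TYPES = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}  # RFC 1413
# Constructed sample replies (not captured from a real server).
SAMPLES = ["6193, 23 : USERID : UNIX : stjohns\r\n",
           "6195, 23 : ERROR : NO-USER\r\n",
           "113, 40000 : USERID : OTHER : vanity:plate\r\n"]

def parse_ident_reply(line):
    """Parse one RFC 1413 reply line into a dict; raise ValueError if malformed."""
    # maxsplit=3 keeps any ':' inside the user id intact.
    fields = line.rstrip("\r\n").split(":", 3)
    if len(fields) < 3:
        raise ValueError("not an ident reply: %r" % line)
    ports = [p.strip() for p in fields[0].split(",")]
    if len(ports) != 2 or not all(p.isdigit() for p in ports):
        raise ValueError("bad port pair: %r" % fields[0])
    reply = {"server_port": int(ports[0]), "client_port": int(ports[1])}
    kind = fields[1].strip().upper()
    if kind == "ERROR":
        error = ":".join(fields[2:]).strip()
        reply.update(type="ERROR", error=error, standard=error in ERROR_TYPES)
    elif kind == "USERID" and len(fields) == 4:
        # Charset after ',' is dropped; the user id is stripped, never verified.
        reply.update(type="USERID", opsys=fields[2].split(",")[0].strip(),
                     user=fields[3].strip())
    else:
        raise ValueError("unknown reply type: %r" % line)
    return reply

def query_ident(host, server_port, client_port, timeout=5.0):
    """Send one query to host:113 and return the parsed reply."""
    with socket.create_connection((host, 113), timeout=timeout) as sock:
        sock.sendall(("%d , %d\r\n" % (server_port, client_port)).encode("ascii"))
        data = b""
        while not data.endswith(b"\n") and len(data) < 1024:
            chunk = sock.recv(256)
            if not chunk:
                break
            data += chunk
    return parse_ident_reply(data.decode("latin-1"))

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_ident_reply(sample))
    try:  # live check; ports 1,1 name no real connection, so expect an ERROR reply
        print(query_ident("localhost", 1, 1))
    except (OSError, ValueError) as exc:
        print("no usable ident reply:", exc)
```

Any well-formed reply from the live check, including an ERROR one, confirms that xinetd is handing connections on 113/tcp to the ident daemon.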