Identd Setup

From ArchWiki

The Ident service as specified by RFC 1413 is mostly used by various IRC networks and the occasional old FTP server to ask a remote server which user is making a connection. Any person with two brain cells to rub together should spot that this is quite untrustworthy, as the remote host can simply choose to lie.

So you have two choices:

  1. Tell the truth (see pidentd below)
  2. Tell a little white lie (see nullident below)

pIdentd

Like most people, I prefer to run identd from inetd instead of as a stand-alone service. For this to work you will need to install two packages: xinetd and pidentd. I tried this with oidentd but it does not seem to work with the latest xinetd.

1. Install needed software

# pacman -S xinetd pidentd

2. Next, you will need to paste the following into a new file and save it as /etc/xinetd.d/auth

service auth
{
      flags = REUSE
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/sbin/identd
      server_args = -m -N
      log_on_failure += USERID
      disable = no
}

3. After you have saved the new file, run xinetd with the following command

# /etc/rc.d/xinetd start

If all went well, you should have the auth service running on port 113. A good way of checking this is by installing nmap (if you do not have it already) and typing

$ nmap localhost

NullIdent

If all you are using ident for is IRC then you might as well try using nullident. Rather than return a truthful (and considered by some to be insecure) response, this ident server just returns the same response over and over, meaning a simple edit on line 86 and instant vanity plates for IRC!

To begin with, grab and unpack the source in your favorite source holding directory (I have a srcs folder in my $HOME)

$ mkdir nullident && cd nullident
$ wget http://www.tildeslash.org/nullidentd/nullidentd-1.0.tar.gz
$ tar -xvzf nullidentd-1.0.tar.gz

Then the normal make and sudo make install.

$ make
...
$ sudo make install

The binary is now located under /usr/local/sbin as nullidentd.

Next we need to tell xinetd to listen on 113/tcp and feed nullident any packets it receives. I found this file, saved as /etc/xinetd.d/ident, worked for me.

service ident
{
      flags = REUSE
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/local/sbin/nullidentd
      log_on_failure += USERID
      disable = no
}

Finally, you will need to restart xinetd as above. Home DSL/cable users may need to set up some port forwarding (see http://www.portforward.com/ ) for external hosts to reach the ident port on your host.
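
To see what either daemon actually answers, rather than only that port 113 is open, the following Python sketch sends an RFC 1413 query over loopback and parses the reply. It is an added example, not part of the original page or of pidentd/nullidentd; the function names are hypothetical, and the self-check assumes the daemon can resolve the querying socket's own loopback connection.

```python
import socket

def build_query(server_port, client_port):
    """RFC 1413 query: '<port-on-server> , <port-on-client>' ended by CRLF."""
    for p in (server_port, client_port):
        if not 1 <= p <= 65535:
            raise ValueError(f"port out of range: {p}")
    return f"{server_port} , {client_port}\r\n".encode("ascii")

def parse_reply(line):
    """Parse one ident reply line into a dict; raise ValueError if malformed."""
    # The user-id may itself contain ':', so split on the first three only.
    fields = line.rstrip("\r\n").split(":", 3)
    if len(fields) < 3:
        raise ValueError(f"malformed ident reply: {line!r}")
    ports = tuple(int(p) for p in fields[0].split(","))
    if len(ports) != 2:
        raise ValueError(f"bad port pair in reply: {line!r}")
    kind = fields[1].strip().upper()
    if kind == "ERROR":
        # e.g. NO-USER, HIDDEN-USER, INVALID-PORT, UNKNOWN-ERROR
        return {"ports": ports, "ok": False,
                "error": ":".join(fields[2:]).strip()}
    if kind != "USERID" or len(fields) != 4:
        raise ValueError(f"unexpected reply type: {line!r}")
    # Lenient: surrounding spaces are trimmed from the user-id for display.
    return {"ports": ports, "ok": True,
            "opsys": fields[2].strip(), "user": fields[3].strip()}

def query_ident(host="127.0.0.1", ident_port=113, timeout=3.0):
    """Ask identd who owns our own connection to it (loopback self-check)."""
    with socket.create_connection((host, ident_port), timeout=timeout) as s:
        local_port = s.getsockname()[1]
        # Assumption: seen from identd on loopback, our socket is the one with
        # local port `local_port` connected to remote port `ident_port`.
        s.sendall(build_query(local_port, ident_port))
        reply = s.makefile("r", encoding="ascii", errors="replace").readline()
    return parse_reply(reply)

if __name__ == "__main__":
    # Needs a running identd on localhost:113 (either setup on this page).
    print(query_ident())
```

With pidentd, a USERID reply shows the login name the daemon hands to any host that asks about your connections; with nullidentd it shows the fixed string instead.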