The FreeBSD Diary |
|
(TM) | Providing practical examples since 1998If you buy from Amazon USA, please support us by using this link. |
|
identd problems - patch
19 December 1999
|
|
I had some identd problems on IRC today and I think I figured out the cause. You may also want to see auth/tcp server failing (looping), service terminated. |
|
The issue
|
| Today I did some firewall work and rearranged the startup procedures on my box. Basically, I moved stuff from /etc/rc.local to /usr/local/etc/rc.d (because the former is now deprecated and it is recommended that you use the latter only; see Starting stuff at boot time). After restarting the box and gettng back onto IRC, I found my hostmask wasn't correct. It had a ~ in front of it. This indicates that your ident failed (I admit to not knowing much about this area, so my basics may be wrong). |
|
What I tried
|
My first thoughts were that my firewall was blocking the incoming requests. So I
tried this from an external connection:$ telnet mydomain.org 113 Trying my.ip.addre.ss... Connected to my.org. Escape character is '^]'. OK. The incoming requests are being accepted. So what's wrong? |
|
What worked
|
After trying the above, I remembered that I'd been fooling around with the identd
command line options. I had recently added -o and -e so
I removed both of these and hup'd inetd. identd now
worked. With a bit more playing, I figured out it was the -o option which was
causing the ident to fail. From the ident man page:The -o flag tells identd to not reveal the operating sys- tem type it is run on and to instead always return "OTHER". Interesting. |
|
Other notes
|
| Most of you will know that I run Windows NT on my desktop. mIRC is my favoured IRC client. Within mIRC, under File | Setup | Identd, you'll see the options for an identd server. I found these options were not necessary when I was running identd on my gateway. In fact, they had no effect. |
|
Testing identd
|
| Here is an easy way to test if identd is working. This is best done
with two telnet sessions. This example assumes you have telnet enabled and you are
worked ident works quite simply by providing a mechanism to verify if someone is connected or not. It allows one computer to ask another "is so-and-so connected to my port from this port on your box?". It is a simple verification method. In this test, we will connect to our box from our box, then check the ports being used, then ask ident for a verification. In the first telnet session, we will set up a telnet to ourselves but not do anything with it. In the second telnet session, we look at the first session and see what port it is connecting from. Then we'll use that information in our ident query.
|
| Given all of the above steps, you should be able to verify that identd is running. |
|
An identd patch
|
I created a patch for pidentd-2.8.5 because I didn't like the way the -N
option worked. From man identd:The -n flag tells identd to always return user numbers instead of user names if you wish to keep the user names a secret. The -N flag makes identd check for a file ".noident" in each homedirectory for a user which the dae- mon is about to return the user name for. It that file exists then the daemon will give the error HIDDEN-USER instead of the normal USERID response. However, identd returns this if you use the -N flag and have a .noident file in the home directory: 23 , 1380 : ERROR : HIDDEN-USER which is an error, oddly enough. I'd rather have success than a error. So I made a patch to fix this. With that patch, the following is returned for a .noident user: 23 , 1380 : USERID : UNIX:HIDDEN-USER That's useful for some users which you may not wish to ident, but still wish to return a valid ident response. |