μidentd (ipv4+ipv6)
It's a simple, Perl-based Identd/AUTH (port 113) server (actually use xinetd,
inetd, or tcpserver to fork it off).
You can use tcpserver to invoke it (adjust arguments accordingly) like this:
tcpserver -v -u nobody -DHRl0 0 113 /path/to/identd
If you're running a (Linux) kernel with security features (like openwall or
grsecurity, then you must make sure that the user (-u user) is
able to read tcp and tcp6 from the proc filesystem. Running the server as root
is not recommended. On a gresecurity system, you can add a user to the group
that is allowed to view all information in the proc filesystem, and then run
tcpserver with the -g privileged-group argument, without
compromising too much security.
If you are running μidentd on an IPv6 system with tcpserver, make
sure your tcpserver can work with IPv6. You can use
Fefe's patches for ucspi-tcp to add
IPv6 support to tcpserver.
TODO:
make it run on BSD variants (do they also use /proc/net/* ?)
extended protocol support
News:
2006-10-13: According to Thomas Zehetbauer: "RFC1413 requires responses
to be terminated by CRLF. Not doing so causes postgresql ident
authentication to refuse connections with "invalidly formatted response
from Ident server" -- I definitely agree, see version 1.2.1.
The Files:
license: GNU General Public License
version 1.2.1: download (Oct 2006)
version 1.2: download (Mar 2004)
version 1.1 (IPv4+IPv6+multiquery): download (Sep 2002)
version 1.0 (IPv6-only): download (Aug 2002)
Oh yeah, and, it runs on Linux-based systems (that's all I've tried so far). As long
as it can read /proc/net/tcp and /proc/net/tcp6 it should work.
The latest revision of the AUTH/IDENT protocol can be found in
RFC 1413.
Go to my homepage.
© 2002-2004 Amir Malik. Redistribution is allowed and encouraged as long as the file
is kept intact, and the original author's page and copyright remain.