Capabilities

Capabilities help the system administrator control which features users have access to. They can be granted or revoked using capability directives. The default is not to grant any capabilities.

forward

Allows the user to forward ident queries to another server. The receiving ident server must support forwarding (e.g., oidentd with the --proxy option).

The proxied reply is subject to validity checks with respect to other relevant capabilities. For this reason it may be desirable to use the forward capability in conjunction with one or more of hide, spoof, spoof_all, and spoof_privport.

Imperative syntax: forward host port

hide

Allows the user to hide their connections from ident lookups. When used, oidentd reports a HIDDEN-USER error to clients.

Imperative syntax: hide

numeric

Allows the user to reply with their user ID (UID) instead of their user name.

Imperative syntax: numeric

random

Allows the user to send random alphanumeric ident replies. Replies are logged so that the system administrator can identify the user responsible for a particular connection.

Imperative syntax: random

random_numeric

Allows the user to send random numeric ident replies between 0 and 100,000. Numeric replies are prefixed with the string "user". Replies are logged so that the system administrator can identify the user responsible for a particular connection.

Imperative syntax: random_numeric

reply

This capability cannot be granted or revoked. However, using it may require one or more of spoof, spoof_all, and spoof_privport, depending on the replies and type of connection.

Multiple replies can be separated by spaces. If more than one reply is given, one is chosen at random for each incoming query. At least one reply must be specified.

Imperative syntax: reply replies …

spoof

Allows the user to send custom ident replies. Note that the spoof_all capability is required to reply with user names of other users.

This capability does not have an imperative syntax.

spoof_all

Allows the user to reply with user names of other users.

This capability does not have an imperative syntax.

spoof_privport

Allows the user to spoof replies for connections to privileged foreign ports.

This capability does not have an imperative syntax.
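
The rules stated above for reply, spoof, spoof_all and spoof_privport can be modelled as a small audit helper that reports which capabilities each configured reply still lacks. This is an added example, not oidentd's own code: the function names and sample users are hypothetical, and it assumes that replying with the user's own name needs no spoof capability.

```python
import shlex

PRIVILEGED_PORT_LIMIT = 1024  # foreign ports below this are privileged


def parse_reply_directive(line):
    """Split 'reply a b ...' into its replies; at least one is required."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "reply":
        raise ValueError("not a reply directive")
    if len(tokens) < 2:
        raise ValueError("at least one reply must be specified")
    return tokens[1:]


def required_capabilities(reply, owner, local_users, foreign_port):
    """Capabilities a single reply needs, per the rules on this page."""
    if reply == owner:
        return set()  # assumption: the user's own name is not a spoof
    needed = {"spoof"}
    if reply in local_users:
        needed.add("spoof_all")  # reply names another local user
    if foreign_port < PRIVILEGED_PORT_LIMIT:
        needed.add("spoof_privport")
    return needed


def audit_replies(line, owner, granted, local_users, foreign_port):
    """Map each reply in the directive to the capabilities it still lacks."""
    report = {}
    for reply in parse_reply_directive(line):
        needed = required_capabilities(reply, owner, local_users, foreign_port)
        report[reply] = sorted(needed - set(granted))
    return report


if __name__ == "__main__":
    # Constructed sample: alice has been granted only 'spoof'.
    users = {"alice", "bob", "root"}
    line = "reply alice guest bob"
    for port in (6667, 25):
        print(port, audit_replies(line, "alice", {"spoof"}, users, port))
```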