Configuration

By default, oidentd replies to ident queries with the local user name of the user owning the connection. Users can override this behavior only if granted permission to do so in the system-wide configuration file.

System-wide Configuration File

The system-wide configuration file is usually found in /etc/oidentd.conf or /usr/local/etc/oidentd.conf, depending on how oidentd was installed.

This file may contain any number of user directives.

User Configuration File

Each user can also create a user configuration file in ~/.oidentd.conf. Note that the user that oidentd runs as must be able to read this file; in particular, the home directory should be world-executable (mode 711).

This file may contain directives of the following forms:

global {
    <capability-statements …>
}

This global directive matches all connections. There should be at most one directive of this type. If used, it should be the first directive in the file.

<range-specification> {
    <capability-statements …>
}

In this form the directive applies only when the range specification matches.

User Directives

A user directive takes one of the following forms:

default {
    <range-directives …>
}

This form can be used to specify defaults for users. There should be at most one directive of this type. If used, it should be the first user directive.

user username {
    <range-directives …>
}

In this form the directive applies only to the specified user.

Range Directives

A range directive takes one of the following forms:

default {
    <capability-directives …>
}

In this form the directive matches when no other range directive in its scope does. There should be at most one directive of this type. If used, it should be the first range directive.

<range-specification> {
    <capability-directives …>
}

In this form the directive applies only when the range specification matches.

Range Specification

A range specification takes the following form:

to host fport port from host lport port

  • to is the foreign address to which the connection was made
  • fport is the foreign port to which the connection was made
  • from is the local address from which the connection originated
  • lport is the local port from which the connection originated

At least one of the four filters must be specified.

Hosts can be specified by hostname or by IP address. Ports can optionally be specified as a range min:max, where max can be omitted to target all ports greater than or equal to min.

A range specification matches a connection if all specified filters match.
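The matching rules above, written out as an added Python example (not oidentd's own code). It assumes hosts are given as IP addresses, since hostname resolution is left out, and that filters appear in the order shown in the form above; the function names and the sample connection are constructed for illustration.

```python
import ipaddress

KEYS = ("to", "fport", "from", "lport")  # order taken from the form above

def parse_port(text):
    """Return (min, max) for 'n', 'min:max' or 'min:' (max omitted)."""
    lo, sep, hi = text.partition(":")
    lo = int(lo)  # raises ValueError when min is missing
    hi = int(hi) if hi else (65535 if sep else lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return lo, hi

def parse_range_spec(spec):
    """Parse a range specification into a dict of filters."""
    words = spec.split()
    if len(words) % 2:
        raise ValueError("each filter needs a value")
    filters, last = {}, -1
    for key, value in zip(words[::2], words[1::2]):
        if key not in KEYS or KEYS.index(key) <= last:
            raise ValueError(f"unknown, repeated or misplaced filter: {key!r}")
        last = KEYS.index(key)
        if key in ("to", "from"):
            filters[key] = ipaddress.ip_address(value)  # IP only (assumption)
        else:
            filters[key] = parse_port(value)
    if not filters:
        raise ValueError("at least one of to/fport/from/lport is required")
    return filters

def matches(filters, conn):
    """True only if every specified filter matches the connection."""
    for key, want in filters.items():
        if key in ("to", "from"):
            if ipaddress.ip_address(conn[key]) != want:
                return False
        elif not want[0] <= conn[key] <= want[1]:
            return False
    return True

# Constructed sample: local 192.0.2.10:40000 connected to 198.51.100.7:6697
CONN = {"from": "192.0.2.10", "lport": 40000,
        "to": "198.51.100.7", "fport": 6697}

if __name__ == "__main__":
    for spec in ("to 198.51.100.7 fport 6697", "fport 6000:",
                 "to 198.51.100.7 lport 1024:30000"):
        print(f"{spec!r}: {matches(parse_range_spec(spec), CONN)}")
```

The third specification does not match even though its to filter does, because lport 40000 falls outside 1024:30000 and all specified filters must match.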

Capability Directives

A capability directive takes one of the following forms:

allow <capability>

In this form the directive permits use of the specified capability.

deny <capability>

In this form the directive prohibits use of the specified capability.

force <capability-statement>

In this form the directive forces use of the specified capability.

Capabilities

The following are valid capabilities:

Capability Statements

The following are valid capability statements:

Further Reading

The oidentd.conf(5) manual page contains further information on how to configure oidentd, as well as detailed descriptions of all capabilities.