The following examples illustrate how capabilities can be used with user and range directives to create a secure and flexible configuration.

Lines stating with # are comments and are ignored by oidentd.

System-wide Configuration File

This configuration allows ryan to send spoofed and random ident replies, except for connections to irc.example.net.

Other users’ connections are hidden so that no user information is disclosed to clients.

# User defaults
default {

	# Connection defaults
	default {

		# Hide all connections from users not
		# explicitly listed in this file.
		force hide

# Settings for user "ryan"
user ryan {

	# Connection defaults
	default {

		# Allow ryan to send custom ident replies,
		# except for the names of other users.
		allow spoof

		# Allow ryan to send random ident replies.
		allow random

	# Connections to irc.example.net
	to irc.example.net {

		# Do not allow ryan to spoof ident replies.
		force reply "ryan"

User Configuration File

This user configuration file instructs oidentd to reply to ident queries for connections to foreign ports 6667 through 6697 with a random Greek letter. This requires the spoof capability. It additionally requires the spoof_all capability if there is a local user named “alpha”, “beta”, or “gamma”.

A random alphanumeric ident reply is sent for all other queries. This requires the random capability.

# Connection defaults
global {

	# Send random ident replies by default.

# Foreign ports from 6667 to 6697
fport 6667:6697 {

	# Choose one of three Greek letters at random.
	reply "alpha" "beta" "gamma"