This is a small program that can be used to log "ident" info in conjunction with the "inetd" daemon. Say for example that you wish to log all connections to your "telnet" port. Change your inetd.conf file into something like this: telnet stream tcp nowait root /usr/sbin/identify telnet-ident -b -i /usr/sbin/in.telnet in.telnet This will generate log records in your /var/log/authlog file looking like: Apr 9 03:17:50 foobar telnet-ident: pen@lysator.liu.se: /usr/sbin/in.telnet There are a few options available. No manual page available yet though so use the source.. :-) Options available: -i[<str>] Enable logging even if there is no remote Identification Daemon to query. The optional string <str> is set to the string that is to be used in the log record as the user id. The default <str> is to print no user id at all. -b Do the identification in the background. This will reduce the time it takes to start the program. -d<num> Set the file descriptor number that should be Identified. -D Enable some debugging code -o<num> Set the <logopt> code. Used in the openlog() call. -f<num> Set the <facility> code. Used in the openlog() call. This switch is only available on systems running the modern 4.3BSD syslog daemon. -n<name> Set the <name> argument. Used in the openlog() call. -p<num> Set the <priority> code. Used in the syslog() call. -m<msg> Set the <message> argument. Used in the syslog() call as an alternative to the program path. -x Don't do the user name identification lookup part. This is useful to prevent loops if you decide to use identify to log ident lookups.. Otherwise we would run into a loop pretty quick. -r<bits> Reject the connection complete if the first <bits> of the IP address of the connecting user is different from the local address. If you try to use this option together with the "-b" option, then the "-b" option will be turned off. -R Reject the connection if it wasn't possible to identify the user via the IDENT protocol. If you try to use this option together with the "-b" option, then the "-b" option will be turned off. If you try to use this with the "-x" option all connections will be rejected. :-) -t<secs> Set a timeout of <secs> seconds for the connection to the remote user identification server. The default timeout is 120 seconds. Set it to 0 to disable the timeout. Credits go to Paul Hubbard <paul@oxy.edu> for the patches to implement the "-x" and "-r" options. Credits go to Alan P Barrett <root@daisy.ee.und.ac.za> for the patches to implement the "-t<secs>" option. /Peter Eriksson (pen@lysator.liu.se), 23 Aug 1992
