packages icon
This is a small program that can be used to log "ident" info in conjunction
with the "inetd" daemon. Say for example that you wish to log all connections
to your "telnet" port. Change your inetd.conf file into something like this:

  telnet stream tcp nowait root /usr/sbin/identify telnet-ident -b -i /usr/sbin/in.telnet in.telnet
 
This will generate log records in your /var/log/authlog file looking like:

  Apr  9 03:17:50 foobar telnet-ident: pen@lysator.liu.se: /usr/sbin/in.telnet
 
There are a few options available. No manual page available yet though so
use the source.. :-)

Options available:

   -i[<str>]	Enable logging even if there is no remote Identification
		Daemon to query. The optional string <str> is set to the
		string that is to be used in the log record as the user
		id. The default <str> is to print no user id at all.

   -b           Do the identification in the background. This will reduce
		the time it takes to start the program. 

   -d<num>	Set the file descriptor number that should be Identified.

   -D		Enable some debugging code

   -o<num>	Set the <logopt> code. Used in the openlog() call.

   -f<num>	Set the <facility> code. Used in the openlog() call.
		This switch is only available on systems running the
		modern 4.3BSD syslog daemon.

   -n<name>	Set the <name> argument. Used in the openlog() call.

   -p<num>	Set the <priority> code. Used in the syslog() call.

   -m<msg>	Set the <message> argument. Used in the syslog() call as an
		alternative to the program path.

   -x		Don't do the user name identification lookup part. This is
		useful to prevent loops if you decide to use identify to log
		ident lookups.. Otherwise we would run into a loop pretty
		quick.

   -r<bits>	Reject the connection complete if the first <bits> of the
		IP address of the connecting user is different from the
		local address. If you try to use this option together with
		the "-b" option, then the "-b" option will be turned off.

   -R		Reject the connection if it wasn't possible to identify
		the user via the IDENT protocol. If you try to use this
		option together with the "-b" option, then the "-b" option
		will be turned off. If you try to use this with the "-x"
		option all connections will be rejected. :-)

   -t<secs>	Set a timeout of <secs> seconds for the connection to the
		remote user identification server. The default timeout is
		120 seconds. Set it to 0 to disable the timeout.

Credits go to Paul Hubbard <paul@oxy.edu> for the patches to
implement the "-x" and "-r" options.

Credits go to Alan P Barrett <root@daisy.ee.und.ac.za> for the patches to
implement the "-t<secs>" option.

/Peter Eriksson (pen@lysator.liu.se), 23 Aug 1992