[ .. ]

--- === ---
*** didentd ***
--- === ---

overview

didentd is a modular RfC1423 (identd) server for FreeBSD and Linux written with security in mind. The Server normally runs chrooted under /proc/net on an unprivileged id.
Normally didentd does not send an username but an encrypted audit token to the client. This token contains all information about the requested connection:

• userid owning the connection
• source ip:port
• destination ip:port
• a timestamp

If a remote admin has a complaint about something from your machine he can send this audit token back to you, you can pipe it through didentd-decrypt and find out which user did the connection. didentd-decrypt outputs all the information from the audit token. So you can have the benefit of ident without revealing internal information from your system.

There is also didentd-name which is a server returning the username of the uid owning the requested connection. This is the classic ident approach.

didentd-static is a server which delivers a fixed reply defined by the administrator to every request.

status

downloads

57dcf69b4a3dce6324e14aa29938ba13  didentd-0.2.tar.gz
db7d174abb0f0297b9bb488ff79dbaf4  didentd-0.1.tar.gz

notes

• Jim Knoble contributed some stuff for the next relase until look at this.
• FreeBSD Users can install didentd by typing (cd /usr/ports/security/didentd/; make; make install; make clean).
• The ident protocol is also known as "auth" or "tap".
• WHY-TAP explains the benefits of using an ident server on your machines. This text refers to the Protocol nowadays known as ident by the Name "TAP".
• WHY-ENCRYPT explains benefits of using encrypted ident.
• INTERNALS triees to explain didentd internal structure.
• INSTALL explains how to install didentd.

• pidentd
• oidentd
• Erik Fair's identd
• some inetd implementations come with internal ident

Hacked by Doobee R Tzeck, hackers@c0re.23.nu
Last modified: Wed Dec 5 00:21:01 CET 2001