Subject: Re: IRC client behind NAT question...
To: Space Case <wormey@eskimo.com>
From: Todd Vierling <tv@wasabisystems.com>
List: netbsd-help
Date: 08/31/2000 01:15:12

On Wed, 30 Aug 2000, Space Case wrote:

: >hmm...sounds like identd (and irc) need an alg, like ftp.  :)
: 
: So, identd won't work for clients behind the NAT?

No, but the following fairly simple program (in lieu of identd) can make all
identd requests see the same information, allowing ident-requiring programs
to work--while seeing completely bogus info.  I use this to allow IRC out
through my NAT router.  Use it as follows in inetd.conf:

ident stream tcp nowait nobody /usr/local/libexec/fakeidentd fakeidentd

Note the "nowait" and "nobody", which are different from those used by
/usr/libexec/identd.  The "nowait" is very important in particular, and
"nobody" improves security by running this as non-root.

===== CUT - fakeidentd.c =====
/*
 * fakeidentd.c - Demonstrate the bogosity of info coming from ident,
 *                by providing every request the same info.
 *
 * Author:  Todd Vierling <tv@pobox.com>, February 2000.  Public domain.
 */

#include <stdio.h>
#include <string.h>

int main(void)
{
	char buf[4096], *p;

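	/* Read the single request line: "<server-port> , <client-port>". */
	if (fgets(buf, sizeof buf, stdin))
	{
		/* Cut the line at the first CR or LF. */
		if ((p = strpbrk(buf, "\r\n")) != NULL)
			*p = 0;

		/* Echo the request back with the same fixed user id every time. */
		printf("%s : USERID : UNIX : user\r\n", buf);
	}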

	return 0;
}
===== CUT - fakeidentd.c =====

-- 
-- Todd Vierling <tv@wasabisystems.com>  *  http://www.wasabisystems.com/
-- Speed, stability, security, and support.  Wasabi NetBSD:  Run with it.
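
Added example, not part of the original message or the author's code: a variant of fakeidentd that parses the request as an RFC 1413 port pair and rebuilds the reply from the parsed numbers, so nothing the remote side sends is echoed back verbatim. The helper names parse_port() and build_ident_reply() and the buffer sizes are assumptions; malformed requests get no reply.

```c
/* Added example: validate an RFC 1413 query instead of echoing it raw. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse one decimal port (1-65535) surrounded by optional blanks. */
static int parse_port(const char **s, long *port)
{
	char *end;

	while (**s == ' ' || **s == '\t')
		(*s)++;
	if (!isdigit((unsigned char)**s))
		return -1;
	errno = 0;
	*port = strtol(*s, &end, 10);
	if (errno || *port < 1 || *port > 65535)
		return -1;
	for (*s = end; **s == ' ' || **s == '\t'; (*s)++)
		;
	return 0;
}

/* Hypothetical helper: returns 0 and fills out[] for a well-formed query. */
int build_ident_reply(const char *query, char *out, size_t outlen)
{
	long sport, cport;
	const char *s = query;
	int n;

	if (parse_port(&s, &sport) || *s++ != ',' || parse_port(&s, &cport))
		return -1;
	if (*s != '\0' && *s != '\r' && *s != '\n')
		return -1;	/* anything after the port pair is rejected */
	n = snprintf(out, outlen, "%ld , %ld : USERID : UNIX : user\r\n", sport, cport);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
	char buf[512], reply[64];

	if (fgets(buf, sizeof buf, stdin) && build_ident_reply(buf, reply, sizeof reply) == 0)
		fputs(reply, stdout);
	return 0;
}
```

It is installed with the same inetd.conf line as above, with "nowait" and "nobody" unchanged.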