Member "pidentd-3.0.19/INSTALL" (20 Jan 1999, 7296 Bytes) of package /linux/misc/old/pidentd-3.0.19.tar.gz:

INSTALL file for Pidentd 3.0

Copyright (c) 1997-1999 Peter Eriksson <pen@lysator.liu.se>



Basic requirements:

	A working ISO (ANSI) C compiler.

	A supported operating system.


See below for OS-specific information. In case of problems, see
the "FAQ" file and also make sure you are using the latest version
of Pidentd. You can always FTP the latest version from:

	ftp://ftp.lysator.liu.se/pub/ident/servers/


Installation in principle:

	1. Run "./configure ; make"

	2. Run "make install" (or manually install the files)

	3. Install (and perhaps modify) the config file (identd.conf)
	   By default it should go into the /usr/local/etc directory,
	   but this is changeable via the `--sysconfdir' option to
	   configure.

	4. Modify the system startup scripts so that it starts
	   automatically at system boot. See below for more info.

	5. Start the daemon (see below for the alternatives on how
	   to do this).

If step #1 (configure) complains about not being able to find any
usable threads library, see the "--without-threads" option below.



* A couple of options to "configure":

	--without-threads

		Build the daemon without threads support. This
		is not recommended, but if you do - make sure
		you start the daemon from /etc/inetd.conf with
		the "nowait" option.

	--with-threads=[LIB]

		Where LIB may be one of:

			yes	Autoselect (the default)
			ui	Unix International (Solaris) threads
			posix	Posix threads
			dce	DCE/CMA threads (Posix draft 4)




* DES encryption

The configure script will try to locate an MIT-compatible DES library
and will automatically add support for it if found. One good free
MIT DES compatible library is Eric Young's implementation, which can
be FTP'd from a number of places around the world. I've tested Pidentd
with version 4.01 of it. The primary FTP site for this library is:

	ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz

The libcrypto library included with his SSLeay package also works:

	ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.y.z.tar.gz

The libcrypto library is actually the preferred one since it includes
a good random DES key generator which is used (if found) by the
Ikeygen program.

To decrypt the encrypted response you can use the Idecrypt program
which you can build with "make idecrypt". There is also a DES
encryption/decryption key generator program Ikeygen that will
put a key into the keyfile that you may want to build ("make ikeygen").

I.e., to enable DES encryption of IDENT replies do this:

	1. Install a DES library
	2. Build the identd daemon ("make identd")
	3. Build the idecrypt program ("make idecrypt")
	4. Build the ikeygen program ("make ikeygen")
	5. Install identd
	6. Run "ikeygen" once to create a keyfile and put
		a new key into it.
	7. Start/restart the identd daemon.

Each time you rerun "ikeygen" it will append a new key to the
keyfile. You must restart the Ident daemon after doing that so
that it will read the new key.

Idecrypt will attempt to decrypt the replies with each key found
in the key file until it succeeds.


* Modifying the system startup files

If you decide to not start the daemon from /etc/inittab or /etc/inetd.conf
then you must modify the system startup files to launch the daemon
manually.

For systems with SysV compatible init scripts you may wanna use the
file "etc/identd.init". Copy it to /etc/init.d/identd and modify it
so that it points to the daemon binary. Then make a symbolic link from
the right runlevel directory to this script. On Solaris this would be:

	cp etc/identd.init /etc/init.d/identd
	vi /etc/init.d/identd
	ln -s /etc/init.d/identd /etc/rc2.d/S99identd

On systems with BSD compatible init scripts you should simply
launch the daemon from /etc/rc.local or something similar.


* Starting the daemon

The daemon will try to autodetect how it was invoked (as a standalone
daemon, from inetd.conf as either a "nowait" or "wait" service or from
/etc/inittab).

*Please* note that not all implementations of Inetd support the "wait" mode
for "stream tcp" services. In that case start it as a standalone daemon
or from /etc/inittab instead.

The one situation where it will misunderstand how it should start is
if someone uses rsh to a remote machine to start it, like this:

	rsh machine /usr/sbin/identd

(It will confuse that mode (standalone, where it should fork and
bind itself to port 113) with Inetd-nowait since in both cases
file descriptor 0 will be a connected network socket).

If the autodetection fails, then it is possible to override it with
command line switches:

	-i	Inetd, nowait mode
	-w	Inetd, wait mode
	-I	/etc/inittab mode
	-b	Standalone mode

The daemon should _always_ be started as "root" (it will switch
to user "nobody" as soon as it has opened all necessary kernel
device files).
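
An added example (not part of the Pidentd distribution): a small Python
check of inetd.conf entries against the rules above, namely that a forced
mode switch matches the wait field, that a --without-threads build uses
"nowait", and that the daemon is started as root. The service names
"ident"/"auth", the function name and the sample entries are assumptions.

```python
# Added example, not Pidentd code. Service names and sample lines are assumptions.
MODE_FLAG = {"nowait": "-i", "wait": "-w"}       # switches from the list above
ALL_MODE_FLAGS = {"-i", "-w", "-I", "-b"}

def check_inetd_line(line, threaded=True):
    """Return a list of problems in one inetd.conf entry for identd."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return []                                # blank line or comment
    if fields[0] not in ("ident", "auth"):       # assumed service names
        return []                                # some other service
    if len(fields) < 6:
        return ["expected at least 6 fields"]
    _service, socktype, proto, wait, user, _program = fields[:6]
    args = fields[6:]                            # argv[0] followed by switches
    problems = []
    if (socktype, proto) != ("stream", "tcp"):
        problems.append("identd is a 'stream tcp' service")
    if wait not in MODE_FLAG:
        problems.append("wait field must be 'wait' or 'nowait'")
    else:
        if not threaded and wait != "nowait":
            problems.append("built --without-threads: use 'nowait'")
        for flag in args:
            if flag in ALL_MODE_FLAGS and flag != MODE_FLAG[wait]:
                problems.append(f"{flag} contradicts '{wait}'")
    if user != "root":
        problems.append("start as root; identd switches to 'nobody' itself")
    return problems

SAMPLE = """\
ident stream tcp wait   root   /usr/sbin/identd identd -w
ident stream tcp nowait nobody /usr/sbin/identd identd -w
"""  # constructed entries

if __name__ == "__main__":
    for entry in SAMPLE.splitlines():
        print(entry, "->", check_inetd_line(entry) or "ok")
```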



* Protecting the Ident daemon with TCP Wrappers

Don't do that. But if you do - make sure that you DO NOT CONFIGURE
YOUR TCP WRAPPER TO DO IDENT LOOKUPS for the "ident" service or you
are risking a loop if the other end has a similar configuration. You
can only do this when starting the daemon from Inetd using
the "nowait" mode (which normally you do not want to do).


* Testing the installation

Build the "ibench" program with "make ibench" and then run it
like this:

	src/ibench

It will by default attempt to connect to your local Ident daemon
a large number of times during one minute and try to verify that
the Ident daemon successfully identifies the user who executed the
Ibench program. Please note that if you start your Ident daemon
from /etc/inetd.conf and use "nowait" then this may cause your
Inetd daemon to disable that service since it might think that
the daemon is looping due to it restarting so quickly.
Try it with "-h" for a list of the valid options.

You can also use a simple Ident testing server I run on the
machine at 130.236.254.1, port 114, like this:

	telnet 130.236.254.1 114

It should reply with your username (the username who started
the "telnet" command). Beware of any potential firewalls that
you may have at your site that may block access to this service
(or access to your IDENT daemon from my site).
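
An added example (not part of the Pidentd distribution) of the same kind
of check done once: query the local daemon about the script's own
connection to it and compare the reply with the invoking user. The reply
layout follows RFC 1413; the function names are hypothetical and port 113
is the one mentioned above.

```python
# Added example, not Pidentd code: one Ident (RFC 1413) self-check.
import getpass
import re
import socket

REPLY_RE = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:(.*)$")

def parse_ident_reply(line):
    """Parse one reply line into a dict; raise ValueError if malformed."""
    m = REPLY_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"malformed ident reply: {line!r}")
    local, remote, kind, rest = m.groups()
    reply = {"ports": (int(local), int(remote)), "type": kind}
    if kind == "ERROR":
        reply["error"] = rest.strip()             # e.g. NO-USER, INVALID-PORT
        return reply
    opsys, sep, user = rest.partition(":")
    if not sep:
        raise ValueError("USERID reply without a user field")
    reply["opsys"] = opsys.split(",")[0].strip()  # drop optional charset
    reply["user"] = user.strip()                  # lenient: trim whitespace
    return reply

def reply_matches(reply, ports, user):
    """True only if the daemon named `user` for exactly the queried port pair."""
    return (reply["type"] == "USERID" and reply["ports"] == ports
            and reply["user"] == user)

def query_own_connection(port=113, timeout=5.0):
    """Ask the local daemon who owns this very connection to it."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        local_port = s.getsockname()[1]
        # Query is "<port on the daemon's host> , <port on the other end>".
        s.sendall(b"%d , %d\r\n" % (local_port, port))
        line = s.makefile("rb").readline().decode("latin-1")
    return (local_port, port), parse_ident_reply(line)

if __name__ == "__main__":
    ports, reply = query_own_connection()
    ok = reply_matches(reply, ports, getpass.getuser())
    print("PASS" if ok else "FAIL", reply)
```

If the daemon is set up to encrypt its replies, the returned user field
is not the plain login name and has to go through idecrypt before it can
be compared.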



* Some information for SunOS 4 users:

A more-or-less usable Pthreads library for SunOS 4.1 is Proven's, that
can be FTP'd from:

	ftp://sipb.mit.edu/pub/pthreads/

It won't support YP username lookups though, so you'll be limited
to uids (or have everything in the local /etc/passwd file).

You'll need to modify the installed sys/signal.h file to include
the struct sigstack definition (check the /usr/include/sys/signal.h
file for the struct definition).

Set the "CC" environment variable to the "pgcc" wrapper script
and then run "./configure; make".



* Some information for Solaris 7 users:

If you want to run pidentd on a 64-bit kernel, you need to compile with a
compiler capable of producing 64-bit binaries.  Neither gcc 2.8.1 nor egcs
1.1 can do this, so you need to use SunPro C 5.0.



* Some information for Silicon Graphics IRIX users:

The same binary *may* be used over a range of different OS versions
if you are lucky (but there may be problems with different IRIXes
having different levels of threads support).

See the file "doc/sgi_irix.txt" for more information.



					- Peter Eriksson <pen@lysator.liu.se>