PostgreSQL docs say:
The “Identification Protocol” is described in RFC 1413. Virtually every Unix-like operating system ships with an ident server that listens on TCP port 113 by default. The basic functionality of an ident server is to answer questions like “What user initiated the connection that goes out of your port X and connects to my port Y?”.
I wanna know how to verify that openSUSE's ident server is working. Is there any out-of-the-box ident client? Is the user name in the response encrypted?
Thanks in advance, any suggestions are appreciated!
hcvv
February 12, 2013, 5:27pm
2
You can see which ports are listening using
netstat -tulpn
In my 12.2 system:
boven:~ # netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:44644 0.0.0.0:* LISTEN 1603/rpc.mountd
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 1373/xinetd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2050/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/init
tcp 0 0 0.0.0.0:48400 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:37681 0.0.0.0:* LISTEN 1603/rpc.mountd
tcp 0 0 0.0.0.0:37139 0.0.0.0:* LISTEN 1617/rpc.statd
tcp 0 0 0.0.0.0:41235 0.0.0.0:* LISTEN 1603/rpc.mountd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1373/xinetd
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 578/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2242/master
tcp 0 0 :::2049 :::* LISTEN -
tcp 0 0 :::54596 :::* LISTEN 1603/rpc.mountd
tcp 0 0 :::42606 :::* LISTEN 1603/rpc.mountd
tcp 0 0 :::111 :::* LISTEN 1/init
tcp 0 0 :::80 :::* LISTEN 1682/httpd2-prefork
tcp 0 0 :::59348 :::* LISTEN 1617/rpc.statd
tcp 0 0 :::53815 :::* LISTEN -
tcp 0 0 :::631 :::* LISTEN 1/init
tcp 0 0 ::1:25 :::* LISTEN 2242/master
tcp 0 0 :::41405 :::* LISTEN 1603/rpc.mountd
udp 0 0 0.0.0.0:41187 0.0.0.0:* 1603/rpc.mountd
udp 0 0 0.0.0.0:760 0.0.0.0:* 584/rpcbind
udp 0 0 0.0.0.0:45355 0.0.0.0:* 1603/rpc.mountd
udp 0 0 0.0.0.0:45979 0.0.0.0:* 1617/rpc.statd
udp 0 0 127.0.0.1:945 0.0.0.0:* 1617/rpc.statd
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 0.0.0.0:55325 0.0.0.0:* -
udp 0 0 0.0.0.0:56416 0.0.0.0:* 1603/rpc.mountd
udp 0 0 0.0.0.0:111 0.0.0.0:* 1/init
udp 0 0 0.0.0.0:631 0.0.0.0:* 1/init
udp 0 0 10.0.0.154:123 0.0.0.0:* 2105/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 2105/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 2105/ntpd
udp 0 0 :::52426 :::* 1603/rpc.mountd
udp 0 0 :::760 :::* 584/rpcbind
udp 0 0 :::60784 :::* -
udp 0 0 :::2049 :::* -
udp 0 0 :::33833 :::* 1617/rpc.statd
udp 0 0 :::38998 :::* 1603/rpc.mountd
udp 0 0 :::111 :::* 1/init
udp 0 0 2001:980:91a0:1:21b:123 :::* 2105/ntpd
udp 0 0 2001:980:91a0:1:b10:123 :::* 2105/ntpd
udp 0 0 ::1:123 :::* 2105/ntpd
udp 0 0 fe80::21b:fcff:fe7f:123 :::* 2105/ntpd
udp 0 0 :::123 :::* 2105/ntpd
udp 0 0 :::53895 :::* 1603/rpc.mountd
boven:~ #
There is no port 113 there, which is confirmed with
boven:~ # netstat -tulpn | grep 113
boven:~ #
Thus there isn’t a server serving on port 113. Would be a bit of a security hole if it was running by default IMHO.
But I find using YaST > Software > Software Management the following package on the 12.2 OSS repo (not installed):
oidentd - Configurable IDENT Server That Supports NAT/IP Masquerading
Oidentd is an ident (rfc1413 compliant) daemon that runs on Linux, Darwin, FreeBSD, OpenBSD, NetBSD, and Solaris. oidentd can handle IP masqueraded/NAT connections on Linux, Darwin, FreeBSD (ipf only), OpenBSD, and NetBSD. Oidentd has a flexible mechanism for specifying ident responses. Users can be granted permission to specify their own ident responses. Responses can be specified according to host and port pairs.
Maybe that is what you are after.
hcvv:
Maybe that is what you are after.
Thanks man, your reply helps me a lot.
I installed oidentd, modified the oidentd startup options (so it will listen for IPv6), then started it, and it works well with PostgreSQL ident authentication!
By the way, pidentd is out-of-the-box, without any modifications.
hcvv
February 12, 2013, 8:14pm
4
Nice you got what you wanted. Enjoy!
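For the questions at the top of the thread (how to check that an ident server answers, and what the reply looks like on the wire), here is a small RFC 1413 client and reply parser, added as an example and not taken from any post or from oidentd/pidentd. The exchange is a plaintext line each way, so the user name in the reply is not encrypted; the function names and the sample ports are assumptions made for illustration.

```python
import re
import socket

# RFC 1413 reply: "<their-port> , <our-port> : USERID : <opsys> : <user-id>"
#             or: "<their-port> , <our-port> : ERROR : <error-type>"
_REPLY = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")


def build_query(their_port: int, our_port: int) -> bytes:
    """Port on the ident server's host first ("your port X"), then ours ("my port Y")."""
    for p in (their_port, our_port):
        if not 1 <= p <= 65535:
            raise ValueError(f"port out of range: {p}")
    return f"{their_port} , {our_port}\r\n".encode("ascii")


def parse_reply(line: bytes) -> dict:
    """Parse one reply line; raise ValueError if it is not shaped like RFC 1413."""
    m = _REPLY.match(line.rstrip(b"\r\n"))
    if not m:
        raise ValueError(f"malformed ident reply: {line!r}")
    result = {"their_port": int(m.group(1)), "our_port": int(m.group(2))}
    if m.group(3) == b"ERROR":
        result["error"] = m.group(4).strip().decode("ascii", "replace")
        return result
    opsys, sep, user = m.group(4).partition(b":")
    if not sep:
        raise ValueError(f"USERID reply without a user-id field: {line!r}")
    result["opsys"] = opsys.strip().decode("ascii", "replace")
    # Leading spaces are dropped for readability; RFC 1413 strictly counts
    # spaces after the colon as part of the identifier.
    result["user"] = user.lstrip(b" ").decode("utf-8", "replace")
    return result


def query_ident(host: str, their_port: int, our_port: int, timeout: float = 5.0) -> dict:
    """Ask the ident daemon on `host` (TCP 113) who owns an existing connection to us."""
    with socket.create_connection((host, 113), timeout=timeout) as s:
        s.sendall(build_query(their_port, our_port))
        data = b""
        while not data.endswith(b"\n") and len(data) < 1024:
            chunk = s.recv(256)
            if not chunk:
                break
            data += chunk
    return parse_reply(data)
```

`query_ident` only returns a user for a TCP connection that currently exists between the two hosts on the given port pair; for any other pair a working daemon answers with an `ERROR` line such as `NO-USER`.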