IdolHands.com :: Days in the Life of an Alpha Geek
I spent the better part of the afternoon trying to figure out how to get a single box on my network to answer all incoming ident requests. I finally got it working, and thought that I should share what I learned in case anyone else out there needs similar functionality.
If you use IRC, you know that most servers will attempt to verify your identity when you try to connect. This happens via a TCP request sent to port 113 of the connecting machine. Port 113 should be bound to the ident service.
Two problems right off the bat: ident is disabled by default under OS X 10.3, and our combination wired and wireless LAN uses NAT translation, which means that the ident request will never make its way to the connecting machine anyway.
The first problem was pretty easy to solve. Snak, the IRC client we use at home, comes with an identd application. Just drill down to the "Enable ident for Mac OS X" folder to find it. The IdentCtl front-end that is supplied with Snak 4.9.8 is useless under 10.3, as it wants to make changes to inetd.conf. 10.3 doesn't use inetd anymore, but rather xinetd. So go to the Ident and AirPort folder to locate the application identd.
Copy it to the desktop for easy access for the next step. Then open a terminal, and do this:
sudo cp ~/Desktop/identd /usr/libexec/identd
sudo chown root:wheel /usr/libexec/identd
Now you'll need to configure xinetd so that it knows about this new service. You'll need to modify /etc/xinetd.d/auth so that it looks like this:
service auth
{
    disable = yes
    socket_type = stream
    wait = no
    user = root
    server = /usr/bin/false
    groups = yes
    flags = REUSE IPv6
}
This will prevent port binding collisions. Now create /etc/xinetd.d/ident (note that it's ident, not identd):
service ident
{
    disable = no
    protocol = tcp
    socket_type = stream
    wait = yes
    user = root
    server = /usr/libexec/identd
    server_args = -w -t120
}
You'll need to restart xinetd to make the system aware of your changes:
sudo killall -HUP xinetd
Now take a look at the system log to make sure that your changes stuck.
tail /var/log/system.log
You should see a message about ident services being added.
Next we have to configure the firewall to allow access to the ident service we've added. Go to System Preferences, click on the Sharing pane, and go to the Firewall tab. Add an entry for port 113, and call it Ident.
You should be able to get a connection to the ident service now. From a different box on your network:
telnet 192.168.0.whatever 113
Trying 192.168.0.whatever...
Connected to 192.168.0.whatever.
Escape character is '^]'.
Hit control-C to break the connection.
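The telnet test above only shows that port 113 accepts connections, not that the service answers a query. The following is an added example, not part of the original post or of Snak: a small RFC 1413 client that sends a real ident query and parses the reply. The function names, the port pair and the sample replies are constructed for illustration, and the box address is a placeholder.

```python
import socket

def build_query(server_port, client_port):
    """RFC 1413 query line. 'server' is the box running identd (the IRC
    client's local port); 'client' is the host asking (e.g. the IRC port)."""
    for port in (server_port, client_port):
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    return f"{server_port} , {client_port}\r\n".encode("ascii")

def parse_reply(line):
    """Parse '<ports> : USERID : <opsys> : <user>' or '<ports> : ERROR : <type>'."""
    parts = line.rstrip("\r\n").split(":", 3)  # the user-id may itself contain ':'
    if len(parts) < 3:
        raise ValueError(f"malformed ident reply: {line!r}")
    server_port, client_port = (int(p) for p in parts[0].split(","))
    kind = parts[1].strip().upper()
    if kind == "ERROR":
        return {"ports": (server_port, client_port), "ok": False,
                "error": ":".join(parts[2:]).strip()}
    if kind == "USERID" and len(parts) == 4:
        # The RFC treats the user-id as opaque; stripping whitespace is a simplification.
        return {"ports": (server_port, client_port), "ok": True,
                "opsys": parts[2].strip(), "user": parts[3].strip()}
    raise ValueError(f"malformed ident reply: {line!r}")

def ident_query(host, server_port, client_port, ident_port=113, timeout=5.0):
    """Send one query to host:ident_port and return the parsed reply."""
    with socket.create_connection((host, ident_port), timeout=timeout) as sock:
        sock.sendall(build_query(server_port, client_port))
        buf = b""
        while not buf.endswith(b"\n") and len(buf) < 1024:  # replies are short
            chunk = sock.recv(256)
            if not chunk:
                break
            buf += chunk
    return parse_reply(buf.decode("ascii", "replace"))

if __name__ == "__main__":
    # Constructed sample replies (not captured from a real identd).
    for sample in ("50000 , 6667 : USERID : UNIX : alice\r\n",
                   "50000 , 6667 : ERROR : NO-USER\r\n"):
        print(parse_reply(sample))
    # Against the real box (address is a placeholder):
    # print(ident_query("<ident-box-address>", 50000, 6667))
```

A reply of ERROR : NO-USER means the daemon is reachable but did not return a user for that port pair.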
So now ident is running on a single box on the LAN. The last step is configuring your router to pass all incoming Ident requests to that box.
This is pretty easy using a NetGear router, and should be essentially the same no matter what router you're using. You need to create a static port mapping. Here are the steps I followed:
That's it! Now, no matter what machines on our LAN-- wired or wireless-- connect to an IRC server, a single box on our network responds to the Ident request.