Summary

    A simple, faked ident daemon.


Overview

    fauxident is a small Python script that acts as an extremely
    naive ident server, answering all ident requests with a consistent
    response -- either an ERROR or a USERID response.  This can be
    advantageous on systems where a true identd is unavailable, where
    running one would be a security risk, or where masquerading
    firewalls are in use, so that multiple machines sit behind the
    firewall and running a proper ident system is not an option.


Getting the software

    The current version of fauxident is 1.2.1.

    The latest version of the software is available in a tarball here:
    "http://www.alcyone.com/software/fauxident/fauxident-latest.tar.gz",
    http://www.alcyone.com/software/fauxident/fauxident-latest.tar.gz.

    The official URL for this Web site is
    "http://www.alcyone.com/software/fauxident/",
    http://www.alcyone.com/software/fauxident/.


Requirements

    fauxident requires Python 2.x or greater and a Unix or Unix-like
    operating system.


License

    This code is released under the "GPL",
    http://www.gnu.org/copyleft/gpl.html.


Introduction

    An ident server reports which user owns a given TCP connection on
    a machine, where the connection is identified by its pair of
    server and client ports.  ident is used implicitly by some
    other services; for instance, many IRC servers check for ident
    responses from connecting clients, and some in fact will reject
    clients which do not have an ident server running.

    The intent of this program is to allow users who cannot otherwise
    run identd servers (either for security or network topology
    reasons) to set up something that will respond, albeit trivially,
    with an ident response.  Note that the server does understand the
    ident protocol well enough to detect malformed queries and respond
    to them with the proper error messages.

    The fauxident.py program should be run from the command line.  By
    default it will act as a daemon.  Also, since it binds to port 113
    by default, root access is required.  Any server that is already
    bound to port 113, of course, will prevent fauxident.py from
    running.


Invocation

    The following command line options alter the behavior of the
    program:

    **'-V/--version'** -- Print the version of the program and exit.

    **'-p/--port' (port)** -- Bind to the specified port.  Defaults
      to 113 (which requires root access).

    **'-a/--address' (IP address)** -- Bind to the specified
      interface.  By default all interfaces are used.

    **'-f/--foreground'** -- Keep the program in the foreground (and
      stdout/stderr open); by default, if the server can be created,
      the script will daemonize itself.

    **'-r/--realm' (realm)** -- In a valid response, the realm in which the
      response takes place.  By default this is 'UNIX'.

    **'-u/--user' (user)** -- In a valid response, the user associated
      with the realm.  By default this is 'user'.  This can also be a
      comma-separated list of names, of which a random one will be
      chosen for each connection.

    **'-m/--permute'** -- In a valid response, randomly shuffle the
      letters of the user name before responding.

    **'-s/--suffix' (length)** -- In a valid response, append a random
      number of the specified number of digits (padded to the left
      with zeroes) to the end of the user response.

    **'-e/-E/--error' (error)** -- Cause the specified error to be the
      response for otherwise valid queries, if that should be so
      desired.  The response should be one of 'INVALID-PORT',
      'NO-USER', 'HIDDEN-USER', or 'UNKNOWN-ERROR'.  (Other responses
      are allowed, but have no meaning according to the RFC.)

    **'-N/--no-user'** -- Shortcut for '-e NO-USER'.

    **'-H/--hidden-user'** -- Shortcut for '-e HIDDEN-USER'.


Sample usage

    By default the server will start in the background and bind to the
    standard port and respond to all queries as if the port pair were
    owned by the user 'user' in the realm 'UNIX'::

        ./fauxident.py

    An alternate interface and/or port can be chosen::

        ./fauxident.py -a 10.0.0.1 -p 8113

    Different realms and user names can be chosen.  For instance, to
    have the server respond as 'nobody' under the realm 'OTHER', use::

        ./fauxident.py -r OTHER -u nobody

    Multiple names can be specified, separated by commas (with no
    intervening spaces), and one will be selected randomly each time::

        ./fauxident.py -u larry,curly,moe

    The -m option can be included, which causes the user name to be
    randomly permuted (the letters shuffled) *each time* the name is
    generated (but before the suffix, if any, is appended)::

        ./fauxident.py -u noname -m

    Additionally, the -s option can be used to specify a suffixed
    random number (padded with zeroes) of the given length in each
    response::

        ./fauxident.py -u resu -s 4

    This last example will respond each time with a different
    randomized name with a four-digit suffixed random number, *e.g.*,
    'resu3759'.

    One can also configure the server to always respond with errors::

        ./fauxident.py -N
        ./fauxident.py -H
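
    As an added illustration (not fauxident's own code), the following
    Python example shows how a fixed-response ident responder can parse
    an RFC 1413 query, reject malformed or oversized input, and build
    the replies that the -r, -u, -m, -s and -e options describe.  The
    names answer, pick_user and MAX_QUERY, the 64-byte limit, and the
    '0 , 0' port pair used for unparseable queries are assumptions made
    for the example.

```python
import random
import re

MAX_QUERY = 64  # assumed cap in bytes; the page does not give fauxident's limit
QUERY_RE = re.compile(rb"^[ \t]*(\d{1,5})[ \t]*,[ \t]*(\d{1,5})[ \t]*$")


def pick_user(users, permute=False, suffix=0, rng=random):
    """Build the user token as -u/-m/-s describe: choose, shuffle, then suffix."""
    name = rng.choice(users.split(","))
    if permute:
        letters = list(name)
        rng.shuffle(letters)
        name = "".join(letters)
    if suffix:
        name += "%0*d" % (suffix, rng.randrange(10 ** suffix))
    return name


def answer(raw, realm="UNIX", users="user", error=None, **opts):
    """Return the reply line for one query, or None to drop an oversized one."""
    if len(raw) > MAX_QUERY:
        return None  # never buffer or echo an unbounded client line
    m = QUERY_RE.match(raw.rstrip(b"\r\n"))
    if not m:
        # Assumption: malformed input gets a 0,0 port pair; no client bytes are echoed.
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"
    server_port, client_port = int(m.group(1)), int(m.group(2))
    pair = b"%d , %d" % (server_port, client_port)
    if not (1 <= server_port <= 65535 and 1 <= client_port <= 65535):
        return pair + b" : ERROR : INVALID-PORT\r\n"
    if error:
        return pair + b" : ERROR : " + error.encode("ascii") + b"\r\n"
    user = pick_user(users, **opts).encode("ascii")
    return pair + b" : USERID : " + realm.encode("ascii") + b" : " + user + b"\r\n"


if __name__ == "__main__":
    # Constructed queries: valid, out-of-range port, malformed, oversized.
    for query in (b"6193, 23\r\n", b"0, 23\r\n", b"GET / HTTP/1.0\r\n", b"1" * 5000):
        print(query[:20], "->", answer(query, users="resu", suffix=4))
```

    Because the reply is assembled only from the parsed integers and
    the configured strings, nothing the client sends is reflected back
    verbatim.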


Wish list

    - This obviously could eventually be turned into a full-fledged,
      or perhaps under limited control, identd service.


References

    - RFC 1413.


Release history

    - 1.2.1; 2003 Oct 21.  User name permuting was accidentally on by
      default; corrected missing -m entry in usage information.

    - 1.2; 2003 Sep 27.  Add -m option to permute user names in
      responses.

    - 1.1; 2002 Dec 7.  Allow multiple user names to be chosen
      randomly from; include support for suffixed random number of
      given length; change to -V option for version information;
      improve documentation.

    - 1.0.1; 2002 Oct 15.  Bugfix to reject large input buffers from
      the client, preventing a highly unlikely but possible DOS
      attack.

    - 1.0; 2002 Aug 14.  Initial release.


Author

    This module was written by "Erik Max Francis",
    http://www.alcyone.com/max/.  If you use this software, have
    suggestions for future releases, or bug reports, "I'd love to hear
    about it", mailto:software@alcyone.com.


Version

    Version 1.2.1 $Date: 2003/10/21 $ $Author: max $
