Using ident spoofs

From ZNC
Revision as of 08:54, 23 December 2009 by Psychon (Talk | contribs)

If you'd like your users to have proper idents (username@host instead of ~username@host), this is what you need to do.


With Oidentd


1. Your /etc/oidentd.conf must allow ident spoofing for the user ZNC runs as (the allow spoof privilege). Example file:

     default {
          default {
               allow spoof
               allow spoof_all
               allow spoof_privport
               allow random_numeric
               allow numeric
               allow hide
          }
     }

2. Create an empty .oidentd.conf file in your homedir (this step may be unnecessary)

     touch ~/.oidentd.conf
     chmod 644 ~/.oidentd.conf

3. Oidentd must be able to read your ~/.oidentd.conf. Therefore your homedir should at least have 701 (world executable, rwx-----x) permissions.

     chmod 701 ~

4. Add this to the beginning (near the Listen = line) of your znc config file (~/.znc/configs/znc.conf most likely)

For all versions:

     ISpoofFile = ~/.oidentd.conf
     ISpoofFormat = global { reply "%" }

For ZNC 0.078 and newer, one can alternatively use the variables from ExpandString, e.g.:

     ISpoofFile = ~/.oidentd.conf
     ISpoofFormat = global { reply "%ident%" }

5. If you have chrooted your ZNC installation, you can still use oidentd. Simply create a symbolic link to the .oidentd.conf file inside the chroot:

     cd /home/bouncer
     ln -s /var/chroot/home/bouncer/.oidentd.conf

All changes made by ZNC to the chrooted home dir will now be visible to oidentd. Another way is to chroot oidentd too, which is more secure but isn't easy for novice users.

6. Rehash your ZNC config (/msg *status rehash or pkill -SIGHUP znc). If your ZNC is older than 0.054, you have to restart ZNC. (But it shouldn't be, since versions older than 0.066 contain security holes.)


Short explanation: Every time a ZNC user starts a connection to an IRC server, ZNC puts that user's desired ident in the temporary file ~/.oidentd.conf. When the IRC server gets the connection request, it queries your machine for the ident. That's where oidentd comes into play: it reads the ident from the temporary file and sends it to the IRC server. Afterwards ZNC writes back the old file contents.
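
The example file in step 1 places the spoof privileges in the default block, so they apply to any local account that has no user block of its own, not only to the account ZNC runs as. A narrower /etc/oidentd.conf is sketched here as an added example that is not part of the original page; the account name znc is an assumed placeholder for whatever user runs ZNC on your machine:

```conf
# Added example, not from the original page.
# "znc" is a placeholder for the account ZNC runs as (assumption).

# Every other local account: no spoofed ident replies.
default {
	default {
		deny spoof
		deny spoof_all
		deny spoof_privport
		allow random_numeric
		allow numeric
		allow hide
	}
}

# Only the ZNC account may have its ~/.oidentd.conf reply honoured.
user "znc" {
	default {
		allow spoof
		# spoof_all: replies that match existing local user names.
		# Remove it if no ZNC ident equals a local account name.
		allow spoof_all
		# spoof_privport: spoofed replies on privileged ports (<1024).
		# Remove it if your IRC connections never involve such ports.
		allow spoof_privport
	}
}
```

After changing the file, restart or reload oidentd so that it picks up the new privileges, then repeat step 6.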


Without Oidentd

If you don't like oidentd for some reason, but have root access and iptables, you can try this: Using ident spoofs with identserver and iptables.