Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Workaround identd requirement over AirPort Network
identd is a user identification protocol specific in RFP1413 which many applications require, even though it is untrustworthy and useless and easy to get around. That said, many applications will require that a valid response is received in order to work properly. In my case, it was IRC (Internet Relay Chat) servers.

Normally you can enter a Terminal session and use pico with sudo to edit the /etc/inetd.conf to change the line
#ident stream tcp wait root /usr/libexec/tcpd identd -w -t120
to
auth stream tcp wait root /usr/libexec/tcpd identd -w -t120
However, when you are using an AirPort base station, the process your are responding to won't like the IP address it is getting back. An easy solution is to install Brian Young's nullidentd. Read the rest of the article for the how-to...

I did the following:
  1. Download the file from the site above and drop it on StuffitExpander

  2. Open a Terminal window and change directies to the nullidentd-1.0 directory

  3. Type sudo mkdir /usr/local/sbin (if it doesn't exist).

  4. sudo make install

  5. sudo pico /etc/inetd.conf

  6. Replace:
    auth stream tcp wait root /usr/libexec/tcpd identd -w -t120
    with
    auth    stream  tcp     nowait  nobody /usr/local/sbin/nullidentd nullidentd
  7. Reboot or sudo -HUP `cat /var/run/inetd.pid`

  8. Open up an application that requires identd and it should work with no problem
[Editor's note: I have not tested this one myself.]
    •    
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[7,465 views]  

Workaround identd requirement over AirPort | 11 comments | Create New Account
Click here to return to the 'Workaround identd requirement over AirPort' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Error when doing make install
Authored by: PimpDaddy on Jan 15, '03 11:26:52PM

I get the following error when doing the make install:

[BigPimp:~/Desktop/nullidentd-1.0] bryan% sudo make install
egrep "^Version" README | sed 's/Version //' > .version
echo "const char VERSION[] = \"`cat .version`\";" > version.h
gcc -O2 -o nullidentd nullidentd.c
rm -f /usr/local/sbin/nullidentd
cp nullidentd /usr/local/sbin/nullidentd
chown root.root /usr/local/sbin/nullidentd
chown: root: invalid group name
make: *** [install] Error 1


Any ideas? I'd love to take advantage of this.



[ Reply to This | # ]
Error when doing make install
Authored by: sardu_mac on Jan 16, '03 12:52:49AM
Edit the Makefile and make these changes (around line 24): install: nullidentd +  mkdir -p $(INSTALL)   rm -f $(INSTALL)/nullidentd   cp nullidentd $(INSTALL)/nullidentd -  chown root.root $(INSTALL)/nullidentd +  chown root.admin $(INSTALL)/nullidentd   chmod a-rw $(INSTALL)/nullidentd   chmod a+x $(INSTALL)/nullidentd For those who've never seen a patchfile before, the line with the - is the line to look for, the + is what to change it to... don't actually put the -/+ at the beginning of the line. Basically, add the 'mkdir -p' command and change 'root.root' to 'root.admin'. Keep the lines prefixed with whitespace or a tab. You might also want to make a more optimized build (also a change to the Makefile) -  gcc -O2 -o nullidentd nullidentd.c +  gcc -O3 -prebind -arch ppc -Wl,-no_arch_warnings -o nullidentd nullidentd.c Note that you'll also want to open up port 113 if you use any firewall software (Apple's or otherwise).

[ Reply to This | # ]
Error when doing make install
Authored by: sardu_mac on Jan 16, '03 12:56:56AM

Oops...
Looking at the permissions of Apple-installed daemons, that should probably be 'root.wheel', not 'root.admin'.

YMMV



[ Reply to This | # ]
Error when doing make install
Authored by: yosithezet on Jan 16, '03 03:03:05AM

Apple set up group 'wheel' instead of group 'root'. If you go in and look at the installed nullidentd file with ls -l you will see that it is owned by root and group wheel. So ignore the error, it is set up fine.



[ Reply to This | # ]
OK, new problem
Authored by: PimpDaddy on Jan 16, '03 02:51:40AM

Made the changes as you stated, no errors during the make install. Now however, nullidentd just exits when started, or exits when you attempt a connection (telnet localhost 113) stating "Group id is root, exiting." Yes, I did change the grp to wheel, not admin.



[ Reply to This | # ]
OK, new problem
Authored by: yosithezet on Jan 16, '03 03:06:36AM

You are starting nullidentd manually or as part of the inetd.conf as I described?



[ Reply to This | # ]
OK, new problem
Authored by: sardu_mac on Jan 16, '03 07:45:31AM
If you followed yosithezet's instructions you shouldn't be starting it manually. In fact, it states in the README:
nullidentd must be run from inetd.

If you've got it installed ok (/usr/local/sbin/nullidentd exists), try this:
sudo killall nullidentd
If you get no output, run that line again until you see No matching processes were found.

Follow yosithezet's instructions for setting up /etc/inetd.conf.

Make sure inetd is up and running, if not try sudo SystemStarter start IPServices or reboot your machine.

Also read the rant at the end of the README and see if all your trouble is really worth it.
: )

[ Reply to This | # ]
OK, new problem
Authored by: yosithezet on Jan 17, '03 12:28:47AM

Funny you should mention the rant. I found nullidentd after spending an hour on the phone with someone at Apple that said he could tell me how to solve my identd problem behind the Airport (I had it working fine without the Airport) but I'd have to pay $200 for a pro support contract. So I turned to some friends and they suggested nullidentd but gave me the rant also. But then the question arises...is it worth it?

Well if your wife wanted to use IRC with servers that require identd you'd go to the end of the earth to make it work too. ;)



[ Reply to This | # ]
nullidentd & ipfw?
Authored by: TicToc on Mar 12, '03 05:34:51PM
Slight variation on the above - I am using an old 7300 w G3/300 as a software router, running Mac OS X 10.1.5, ipfw and natd. I'd like to access irc servers from my LAN, and ran into the ident problem.

Installing nullidentd on the router solved the problem (thanks for the hint!), but with one wrinkle: I had to open up my firewall with a rule: allow all from any to any. Not great!

I did try: allow tcp from any 113 to any 113 and allow udp from any 113 to any 113 ...but that didn't work (the udp rule was based on a single comment somewhere in an archived usenet post on Google...).

Can anyone tell me what ipfw rules I should insert to allow nullidentd to work when running on the router?

TIA

PS In case anyone is interested, I had to modify the nullidentd makefile to get it to compile on 10.1.5, by changing the compiler from "gcc" to "cc".

[ Reply to This | # ]

is this still valid? nullidentd is gone
Authored by: cancer on Sep 04, '04 03:33:04AM

does this fix still work?

i'd like to give it a try, but nullidentd is gone from the website.



[ Reply to This | # ]
is this still valid? nullidentd is gone
Authored by: yosithezet on Apr 24, '05 11:01:39AM

Try grabbing it from http://software.linspire.com/pool-src/n/nullidentd/



[ Reply to This | # ]