Page MenuHomeDevCentral
Create Task
Maniphest T1047

Install oidentd on Eglide
Closed, ResolvedPublic
Actions

Description

As Eglide welcomes IRC activities, we need an oidentd server with the following rules:

  • use account name by default
  • can spoof any alphanumerical string
  • can't spoof other user account name

This required the software an an /etc/oidentd.conf like:

/usr/local/etc/oidentd.conf on Grip
default {
        default {
                allow spoof
                deny spoof_all
                deny spoof_privport
                allow random_numeric
                allow numeric
                allow hide
        }
}

user root {
        default {
                force reply "alexander"
        }
}

Problem we have

Currently, we don't listen to the oidentd requests.

As Scaleway redirects a public IP to a private IP, does oidentd handle that correctly?

Revisions and Commits

rOPS Nasqueron Operations
D707rOPS3e4e1c4b24db Install and configure oidentd on Eglide

Related Objects

Event Timeline

dereckson claimed this task.Nov 12 2016, 02:01
dereckson added a subscriber: dereckson.
Herald added a project: Servers. · View Herald TranscriptNov 12 2016, 02:01
dereckson renamed this task from Install oident on Eglide to Install oidentd on Eglide.Nov 12 2016, 02:05
dereckson updated the task description. (Show Details)
dereckson added projects: Eglide, IRC, Salt, User-Dereckson.
dereckson removed a subscriber: dereckson.

Actually, allow spoof_all and allow spoof_privport are fine.

dereckson removed dereckson as the assignee of this task.Nov 12 2016, 02:06
dereckson added subscribers: dereckson, tomjerr.
dereckson added a comment.Nov 12 2016, 02:26
In T1047#12375, @dereckson wrote:

Actually, allow spoof_all and allow spoof_privport are fine.

Nope, they aren't.

From the man page:

  • spoof_all: Allow the usernames of other users to be used as ident responses.
  • spoof_privport: Allow ident replies to be spoofed on privileged ports (ports lower than 1024).

As user accounts don't use ports < 1024 and we don't have a legitimate case to share usernames, Grip config works fine.

dereckson added a revision: D707: Install and configure oidentd on Eglide.Nov 12 2016, 02:29
dereckson claimed this task.Nov 12 2016, 03:15
dereckson added a comment.Nov 12 2016, 03:30

Installation and config works, but spoof didn't work with the following .oidentd.conf file with irssi or weechat:

~/.oidentd.conf
global {
        reply "quuxian"
}
dereckson triaged this task as Low priority.Nov 12 2016, 03:31
dereckson added a commit: rOPS3e4e1c4b24db: Install and configure oidentd on Eglide.Nov 12 2016, 14:24
dereckson added a comment.Dec 3 2016, 14:13

oidentd is installed, any configuration step can be done separately if needed.

dereckson closed this task as Resolved.Dec 3 2016, 14:13
dereckson reopened this task as Open.Jan 11 2017, 18:27
dereckson moved this task from Backlog to Server config on the Eglide board.Jan 12 2017, 05:03
dereckson moved this task from Backlog to Eglide on the Servers board.Jan 16 2017, 08:48
dereckson raised the priority of this task from Low to Normal.EditedMar 3 2017, 12:54

Bumping priority as @tomjerr needs this.

dereckson updated the task description. (Show Details)Sep 6 2017, 18:59
dereckson added a comment.Oct 12 2017, 16:29

Works now, probably a bug fixed during an upgrade :)

dereckson closed this task as Resolved.Oct 12 2017, 16:29
dereckson mentioned this in T1683: Review oidentd configuration, availability and documenation.Feb 20 2022, 12:38
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator