Installing oidentd
oidentd helps provide ident, which is necessary if you're providing a public bouncer or shell account. Ident helps you uniquely identify your users on IRC. Even if a user changes his nick, you can figure out which user it was on your system based on his ident. This makes it easier to prevent abuse.
NOTICE: Do not confuse oidentd with identd. identd is part of OpenBSD base, whereas oidentd is a third-party package. If you enable identd, oidentd will not be able to bind on the proper socket, and this will interfere with oidentd's ability to spoof replies.
First, we install oidentd:
$ doas pkg_add oidentd
Afterwards, inside /etc/rc.local, we put the following:
if [ -x /usr/local/sbin/oidentd ]; then
echo -n ' oidentd'; /usr/local/sbin/oidentd -u _identd -g _identd
fi
Warning: Do not use -a :: as suggested in znc's wiki or ident will not work for IPv4.
This ensures that oident starts at bootup and runs as the user and group _identd.
Now, to start oidentd, run:
$ doas /usr/local/sbin/oidentd -u _identd -g _identd
Spoofing Ident (Optional)
If you need to spoof ident replies, put this inside /etc/oidentd.conf:
user "username" {
default {
allow spoof
allow spoof_all
}
}
For example, ZNC needs ident spoofing to work.
If you want to force an ident reply, use
user "username" {
default {
force reply "botnick"
}
}
Replace botnick with your desired ident.