1 version=pmwiki-2.2.130 ordered=1 urlencoded=1
2 agent=Mozilla/5.0 (X11; OpenBSD amd64; rv:82.0) Gecko/20100101 Firefox/82.0
3 author=jrmu
4 charset=UTF-8
5 csum=
6 ctime=1613133698
7 host=198.251.81.119
8 name=Oidentd.ZNC
9 rev=2
10 targets=Openbsd.Znc
11 text=(:title Configuring oidentd for ZNC:)%0a%0aInstalling oidentd is necessary if you're providing a public bouncer. Ident helps ensure that a user of your bouncer can always be uniquely identified, making it easier to ban that user and prevent abuse.%0a%0aYou may want to consult [[https://wiki.znc.in/Identfile|znc's wiki]] as a reference.%0a%0aFirst, we install oidentd:%0a%0a[@%0a$ doas pkg_add oidentd%0a@]%0a%0aAfterwards, inside /etc/rc.local, we put the following:%0a%0a[@%0aif [ -x /usr/local/sbin/oidentd ]; then%0a echo -n ' oidentd'; /usr/local/sbin/oidentd -u _identd -g _identd%0afi%0a@]%0a%0a'''Warning''': Do not use -a :: as suggested in znc's wiki or ident will not work for IPv4.%0a%0aThe rc.local entry above ensures that oidentd starts at boot and runs as the user and group _identd.%0a%0aNow, to start oidentd, run: %0a%0a[@%0a$ doas /usr/local/sbin/oidentd -u _identd -g _identd%0a@]%0a%0aPut this inside /etc/oidentd.conf to spoof ident replies:%0a%0a[@%0auser "znc" {%0a default {%0a allow spoof%0a allow spoof_all%0a }%0a}%0a@]%0a%0aMake sure [[openbsd/znc|the identfile module]] is loaded on znc. %0a%0aWe need to create ~/.oidentd.conf inside the home folder for znc that oidentd will read from to spoof ident replies. This is made trickier by the fact that znc runs inside a chroot:%0a%0a[@%0a$ doas touch /home/znc/home/znc/.oidentd.conf%0a$ doas ln -s /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf%0a$ doas chmod 664 /home/znc/.oidentd.conf /home/znc/home/znc/.oidentd.conf%0a$ doas chmod 755 /home/znc/ /home/znc/home /home/znc/home/znc%0a$ doas chown znc:znc /home/znc/.oidentd.conf /home/znc/home/znc/.oidentd.conf%0a@]%0a%0aZNC's identfile module will help write to /home/znc/home/znc/.oidentd.conf, which in turn is symlinked to /home/znc/.oidentd.conf. This latter file is what oidentd reads from. 
We must make sure oidentd can read the .oidentd.conf file by ensuring the permissions on each of the directories leading up to the file are at least rwx--x--x.%0a%0aWhile connected to znc using an account with admin rights, send this through your IRC client:%0a%0a[@%0a/msg *status loadmod identfile%0a/msg *identfile setfile ~/.oidentd.conf%0a/msg *identfile setformat global { reply "%25user%25" }%0a@]%0a%0aThis sets the ident reply to be the username (which the user can't change), ensuring that ident replies can't be spoofed by the user.%0a%0a'''Ident Changes by Admins:'''%0a%0aAs we can see, the above command:%0a[@%0a/msg *identfile setformat global { reply "%25user%25" }%0a@]%0awon't allow users to change their ident. There have been some recent requests for ident changes, and we admins are required to change the ident to what the user wants.%0a%0aBut with the settings above, which use the znc username as the ident reply, we can't easily change the ident. We used to clone the user account and change the username to the desired ident, which forces the user to use a new znc username.%0a%0aThere's an alternate way to fix this without tampering with the username. Upon any ident change request, we run the following in our IRC client:%0a%0a[@%0a/msg *identfile setformat global { reply "%25ident%25" }%0a@]%0a%0aWe can then go to the requesting user's znc settings and change the ident box contents to their desired ident for all of their networks, then disconnect and reconnect the user. %0a%0aVoila, it reads the ident box as "ident". But this setting alone would also allow the user to change the ident themselves (which we don't want). So, after we have confirmed that the user's ident reply changed to the desired one, we run the following command in the IRC client:%0a%0a[@%0a/msg *identfile setformat global { reply "%25user%25" }%0a@]%0a%0aAfter this, '''Do Not''' restart the user. 
Hence the ident displays the changed one (until there's a disconnection and reconnection), but the user is also prevented from making any changes to it.%0a%0aBut this is a temporary solution. Every time the user gets disconnected, upon reconnection, the ident will be changed to their "username".%0a%0aNow, if a single user gets disconnected, we can use the above method to set the new ident and move on.%0aIn the case of a server outage or other issues where all znc users get disconnected, we have to do the following in the IRC client:%0a%0a[@%0a/msg *identfile setformat global { reply "%25ident%25" }%0a@]%0a%0aAnd '''restart znc'''. Make sure the idents of the users changed by checking any user you know who uses a different username and ident.%0a%0aThis way, whatever the user placed in the "ident" box is read as the ident and gets displayed. %0a%0aAfterwards, the following command should be run via the IRC client:%0a %0a[@%0a/msg *identfile setformat global { reply "%25user%25" }%0a@]%0a%0aThis ensures the user can't change it afterwards. %0a%0a'''Note: The user must have their desired ident in their znc's ident box'''%0a%0aAs you can see, the process is pretty much manual. Every time znc shuts down for any reason, we have to run the above commands to make sure users get their desired ident while we keep control over the ident.%0a%0a'''Note: If your server has very few users who use a different ident from their username, it is advised to fix theirs manually (individually) and restart their znc's, rather than restarting the whole znc.'''%0a%0aIf you have alternative solutions or a way to automate the process, kindly do suggest them.
12 time=1614414819
13 title=Configuring oidentd for ZNC
14 author:1614414819=jrmu
15 diff:1614414819:1613133698:=24,29d23%0a%3c %0a%3c Now, to start oidentd, run: %0a%3c %0a%3c [@%0a%3c $ doas /usr/local/sbin/oidentd -u _identd -g _identd%0a%3c @]%0a
16 host:1614414819=198.251.81.119
17 author:1613133698=jrmu
18 diff:1613133698:1613133698:=1,113d0%0a%3c (:title Configuring oidentd for ZNC:)%0a%3c %0a%3c Installing oidentd is necessary if you're providing a public bouncer. Ident helps ensure that a user of your bouncer can always be uniquely identified, making it easier to ban that user and prevent abuse.%0a%3c %0a%3c You may want to consult [[https://wiki.znc.in/Identfile|znc's wiki]] as a reference.%0a%3c %0a%3c First, we install oidentd:%0a%3c %0a%3c [@%0a%3c $ doas pkg_add oidentd%0a%3c @]%0a%3c %0a%3c Afterwards, inside /etc/rc.local, we put the following:%0a%3c %0a%3c [@%0a%3c if [ -x /usr/local/sbin/oidentd ]; then%0a%3c echo -n ' oidentd'; /usr/local/sbin/oidentd -u _identd -g _identd%0a%3c fi%0a%3c @]%0a%3c %0a%3c '''Warning''': Do not use -a :: as suggested in znc's wiki or ident will not work for IPv4.%0a%3c %0a%3c This ensures that oident starts at bootup and runs as the user and group _identd.%0a%3c %0a%3c Put this inside /etc/oidentd.conf to spoof ident replies:%0a%3c %0a%3c [@%0a%3c user "znc" {%0a%3c default {%0a%3c allow spoof%0a%3c allow spoof_all%0a%3c }%0a%3c }%0a%3c @]%0a%3c %0a%3c Make sure [[openbsd/znc|the identfile module]] is loaded on znc. %0a%3c %0a%3c We need to create ~/.oidentd.conf inside the home folder for znc that oidentd will read from to spoof ident replies. This is made more tricky by the fact that znc runs inside a chroot:%0a%3c %0a%3c [@%0a%3c $ doas touch /home/znc/home/znc/.oidentd.conf%0a%3c $ doas ln -s /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf%0a%3c $ doas chmod 664 /home/znc/.oidentd.conf /home/znc/home/znc/.oidentd.conf%0a%3c $ doas chmod 755 /home/znc/ /home/znc/home /home/znc/home/znc%0a%3c $ doas chown znc:znc /home/znc/.oidentd.conf /home/znc/home/znc/.oidentd.conf%0a%3c @]%0a%3c %0a%3c ZNC's identfile module will help write to /home/znc/home/znc/.oidentd.conf, which in turn is symlinked to /home/znc/.oidentd.conf . This latter file is what oidentd reads from. 
We must make sure oidentd can read the .oidentd.conf file by ensuring the permissions on each of the directories leading up the file are at least rwx--x--x.%0a%3c %0a%3c While connected to znc using an account with admin rights, send this through your IRC client:%0a%3c %0a%3c [@%0a%3c /msg *status loadmod identfile%0a%3c /msg *identfile setfile ~/.oidentd.conf%0a%3c /msg *identfile setformat global { reply "%25user%25" }%0a%3c @]%0a%3c %0a%3c This sets the ident reply to be the username (which the user can't change), ensuring that ident replies can't be spoofed by the user.%0a%3c %0a%3c '''Ident Changes by Admins:'''%0a%3c %0a%3c As we can see, the above command:%0a%3c [@%0a%3c /msg *identfile setformat global { reply "%25user%25" }%0a%3c @]%0a%3c won't allow user to change their ident, and there has been some recent requests on change of ident we admins are required to change it as per the user wants.%0a%3c %0a%3c But, with the settings above, which reads the znc username as ident reply we can't easily change ident, and hence we used to clone the user account and change the username as their desired ident name, as a result it enforces the user to use new znc username.%0a%3c %0a%3c There's an alternate way where we can fix this without tampering the username, so upon any ident change requests, we have to run the following in our irc client:%0a%3c %0a%3c [@%0a%3c /msg *identfile setformat global { reply "%25ident%25" }%0a%3c @]%0a%3c %0a%3c We can then goto the requested users znc settings and change ident box contents to their desired ident for all of their networks, disconnect the user and reconnect the user. %0a%3c %0a%3c Voila, it reads the ident box as "ident", but, this setting alone would also allows the user to change the ident by themself (which we don't want). So, after we successfully confirmed the user's ident reply changed as their desired one. 
We now have to run the following command on irc-client:%0a%3c %0a%3c [@%0a%3c /msg *identfile setformat global { reply "%25user%25" }%0a%3c @]%0a%3c %0a%3c After this, '''Do Not''' restart the user. Hence the ident displays the changed one (untill there's a disconnection and reconnection), but also disallows the user to make any changes with it.%0a%3c %0a%3c But, this is a temporary solution. Everytime the user gets disconnected, upon re-connection, the ident will be changed to their "username".%0a%3c %0a%3c Now, if a single user gets disconnected, we can use the above method to set the new ident and move on.%0a%3c In the case of server down or other issues, where all znc users get disconnected. We have to do the following in irc-client:%0a%3c %0a%3c [@%0a%3c /msg *identfile setformat global { reply "%25ident%25" }%0a%3c @]%0a%3c %0a%3c And '''restart znc''', make sure the idents of the users changed by checking any random user you know whom uses different username and ident,%0a%3c %0a%3c This way, whatever the user placed on "ident" box would read as ident and gets displayed. %0a%3c %0a%3c Afterwards, the following command should be run via irc-client%0a%3c %0a%3c [@%0a%3c /msg *identfile setformat global { reply "%25user%25" }%0a%3c @]%0a%3c %0a%3c This ensures the user can't change it afterwards. 
%0a%3c %0a%3c '''Note: The user must have their desired ident on their znc's identbox'''%0a%3c %0a%3c As you can see, the process is pretty much manual, everytime we have a znc shutdown by any cause, we have to run the above said commands to make sure the user gets their desired ident as well as we have control over the ident.%0a%3c %0a%3c '''Note : If your server has very less users whom use a different ident from their username, It is advised to do manually fix theirs (individually) and restart their znc's, rather than restarting the whole znc.'''%0a%3c %0a%3c If you have alternative solutions or a way to automate the process, kindly do suggest them.%0a\ No newline at end of file%0a
19 host:1613133698=198.251.81.119