From: root Date: Tue, 3 Aug 2010 15:51:55 +0000 (+0200) Subject: Merge branch 'template' of ssh://matthijs@git.stderr.nl/matthijs/servers/drsnuggles... X-Git-Url: https://git.stderr.nl/gitweb?a=commitdiff_plain;h=refs%2Fheads%2Fldap;hp=2c1aaceb27c479f2aeaec517e81fd466105371d9;p=matthijs%2Fservers%2Fdrsnuggles.git Merge branch 'template' of ssh://matthijs@git.stderr.nl/matthijs/servers/drsnuggles into ldap * 'template' of ssh://matthijs@git.stderr.nl/matthijs/servers/drsnuggles: oidentd: Allow the vserver host to forward connections. oidentd: Add default configuration.
---
diff --git a/etc/default/oidentd b/etc/default/oidentd
new file mode 100644
index 0000000..f807bd5
--- /dev/null
+++ b/etc/default/oidentd
@@ -0,0 +1,20 @@
+# options to use when starting oidentd as daemon:
+# -m lookup masquaraded connections in /etc/oidentd_masq.users
+# -f forward requests for masquaraded connections to real host
+# -q don't log connections to oidentd
+# -P allow forwarded connectsions from this host. We use our own
+# hostname here, since connections will be forwarded from oidentd
+# on the vserver host. Those connections will appear to originate
+# from our own (and only) IP address.
+# see oidentd(8) for detailed list
+OIDENT_OPTIONS="-mf -P `hostname`"
+
+# user / group
+OIDENT_USER=oident
+OIDENT_GROUP=oident
+
+# Allow the default router to act as an oidentd proxy? (yes/no)
+# Since the vserver stuff messes up this autodetection, we pass in -P
+# above instead.
+OIDENT_BEHIND_PROXY=no
+
diff --git a/etc/oidentd.conf b/etc/oidentd.conf
new file mode 100644
index 0000000..03b28d8
--- /dev/null
+++ b/etc/oidentd.conf
@@ -0,0 +1,22 @@
+# Configuration for oidentd
+# see oidentd.conf(5)
+#
+default {
+ default {
+ deny spoof
+ deny spoof_all
+ deny spoof_privport
+ allow random
+ allow random_numeric
+ allow numeric
+ deny hide
+ }
+}
+
+# you may want to hide root connections
+#user "root" {
+# default {
+# force reply "UNKNOWN"
+# }
+#}
+
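Review bot: In etc/default/oidentd, `-P \`hostname\`` makes the trusted proxy address depend on how the guest's own name resolves when the file is evaluated, and nothing pins or checks that result. If the name resolves to a loopback alias in /etc/hosts (not visible here) or the address later changes, the daemon would trust a different source than the vserver host's forwarder, and the mismatch would be silent. Consider writing the address explicitly, e.g. `OIDENT_OPTIONS="-mf -P <GUEST_IP_PLACEHOLDER>"`, or at least adding `# -P relies on \`hostname\` resolving to the shared vserver IP; re-check /etc/hosts after a rename`. The comment block says forwarded queries arrive from the guest's own and only IP, so queries from local processes on this guest are indistinguishable from the host's forwarded ones; that is worth stating in the comment too. The `-m` and `-f` flags look carried over from the stock file, so if this guest does not masquerade for other hosts they could probably be dropped.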
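Review bot: In etc/oidentd.conf the `user "root"` block stays commented out while the default section sets `deny hide`, so replies for root-owned connections would presumably carry the account name to whichever remote side queries. Since the same commit opens the daemon to forwarded queries through `-P`, consider uncommenting the `#user "root" { … }` lines so that root answers with `force reply "UNKNOWN"`, or add a comment recording why disclosing root is acceptable on this host. The `allow random`, `allow random_numeric` and `allow numeric` capabilities let users request a randomised or numeric reply in place of their login name. A one-line comment such as `# users may mask their login name; replies are not reliable for attribution` would make that trade-off explicit.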
diff --git a/etc/oidentd_masq.conf b/etc/oidentd_masq.conf
new file mode 100644
index 0000000..8fb03f1
--- /dev/null
+++ b/etc/oidentd_masq.conf
@@ -0,0 +1,11 @@
+# oident masquarded connections configuration
+
+# use this file if your host is masquarading connections for several
+# hosts and you want to return a reply based on the hostname of
+# the originating machine
+# by default, such requests are forwarded to the real host.
+# you can disable forwarding by removing "-f" from OIDENT_OPTIONS
+# in /etc/default/oidentd
+
+# add hosts in the following format, see oidentd_masq.conf(5) for details:
+# [/mask]