To create new wiki account, please join us on #znc at freenode and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.


From ZNC
(Redirected from Using ident spoofs)
Jump to: navigation, search

The identfile module places the ident of a user to a file when they are trying to connect. When the IRC server gets the connection request, it will query your system for the ident. An ident server such as oidentd or ident2 can read the ident file and send this ident back to the IRC server. Afterwards ZNC writes back the old contents of your ident file.



This global module takes no arguments.

Read loading modules to learn more about loading modules.


Output of /msg *identfile help:

 | Command   | Arguments | Description          |
 | GetFile   |           |                      |
 | GetFormat |           |                      |
 | Help      | search    | Generate this output |
 | SetFile   | <file>    |                      |
 | SetFormat | <format>  |                      |
 | Show      |           |                      |

The format uses ExpandString, so %ident% will be expanded to ident. This is the value taken from the Ident field set for that ZNC user, or optionally, the network specific setting if there is one.

Another commonly used value is %user%, which is the name of the ZNC user connecting to IRC. As it may not be changed by normal ZNC users, it's often useful for BNC providers or anyone sharing the ZNC instance with others.

Using identfile with oidentd[edit]

1. Your /etc/oidentd.conf file must allow the user ZNC runs as to spoof ident replies (the spoof capability). If your system has a user with the same name as one of the ZNC users, the spoof_all capability is also required.

Example file (replace "znc" with the user that ZNC will run on):

user "znc" {
    default {
        allow spoof
        allow spoof_all

2. Create an empty .oidentd.conf file in the home directory of the user you are running ZNC as. Create this file while logged in as the ZNC user:

touch ~/.oidentd.conf
chmod 644 ~/.oidentd.conf

3. oidentd must be able to read your ~/.oidentd.conf file. Therefore, the ZNC user's home directory permissions should be at least 711 (world executable, rwx--x--x).

chmod 711 ~

4. Finally, load and configure the identfile module. This can be done using the following commands:

/msg *status loadmod identfile
/msg *identfile setfile ~/.oidentd.conf
/msg *identfile setformat global { reply "%user%" }

Check ExpandString for possible variables

Note: oidentd 2.1.0 and earlier did not bind to IPv6 by default. When using one of these versions, oidentd needs to be run as oidentd -a :: if IPv6 support is desired.

Using identfile with ident2[edit]

Warning: Ident2 does not support IPv6

1. Install ident2. By default when you install ident2 on debian it will automatically be configured and started via xinetd. If you are starting ident2 manually you will need to start it with the "-n" argument. This allows using an ident file in a user's homedir over there username for ident, and is required for use with the identfile module.

2. Next load and configure the identfile module. This can be done with the following commands.

/msg *status loadmod identfile
/msg *identfile setfile ~/.ident
/msg *identfile setformat ident %ident%

File Permissions[edit]

ident2 must be able to read your "~/.ident file". Therefore ZNC's homedir should at least have 711 (world executable, rwx--x--x) permissions. Commonly most homedir's are created as executable by other users but if this is not the case then you can use the following commands to change the permissions.

chmod 711 ~
touch ~/.ident
chmod 644 ~/.ident

Chrooted installs with identfile[edit]

If you have chrooted your ZNC installation you can still use identfile. Simply create a symbolic link to the ident file inside the chroot:

ln -s /home/bouncer/ident /var/chroot/home/bouncer/ident

You will need to change the "ident" part of each file to the actual file that your ident system uses, for oidentd it would become the following:

ln -s /home/bouncer/.oidentd.conf /var/chroot/home/bouncer/.oidentd.conf

All changes made by ZNC to the chromed ident file will now be visible for your ident server. An other way is, to chroot the ident server too which is more secure, but isn't easy for novice users.


Using ident spoofs with identserver and iptables

Troubleshooting tips[edit]

1. You will most likely have to chmod /home and /home/user with 644 permissions manually in order for the configuration file to be read.

2. You may have to reconnect or restart ZNC after completing this.

3. If there are any firewalls between ZNC and the IRC server, TCP port 113 needs to be permitted.

4. If the oidentd configuration file contains a default block, the znc user directive should be placed below it (not inside default).

5. Don't forget to restart or reload your identd after configuration changes.