Installing oidentd is necessary if you're providing a public bouncer. Ident helps ensure that a user of your bouncer can always be uniquely identified, making it easier to ban that user and prevent abuse.
You may want to consult [[https://wiki.znc.in/Identfile|znc's wiki]] as a reference.
First, we install oidentd:
$ doas pkg_add oidentd
Afterwards, inside /etc/rc.local, we put the following:
if [ -x /usr/local/sbin/oidentd ]; then
echo -n ' oidentd'; /usr/local/sbin/oidentd -a :: -u _identd -g _identd
fi
This ensures that oident starts at bootup and runs as the user and group _identd.
Put this inside /etc/oidentd.conf to spoof ident replies:
user "znc" {
default {
allow spoof
allow spoof_all
}
}
Make sure [[openbsd:irc:znc|the identfile module]] is loaded on znc.
We need to create ~/.oidentd.conf inside the home folder for znc that oidentd will read from to spoof ident replies. This is made more tricky by the fact that znc runs inside a chroot:
$ doas touch /home/znc/home/znc/.oidentd.conf
$ doas ln -s /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf
$ doas chmod 664 /home/znc/.oidentd.conf /home/znc/home/znc/.oidentd.conf
$ doas chmod 755 /home/znc/ /home/znc/home /home/znc/home/znc
$ doas chown znc:znc /home/znc/.oidentd.conf /home/znc/home/znc/.oidentd.conf
ZNC's identfile module will help write to /home/znc/home/znc/.oidentd.conf, which in turn is symlinked to /home/znc/.oidentd.conf . This latter file is what oidentd reads from. We must make sure oidentd can read the .oidentd.conf file by ensuring the permissions on each of the directories leading up the file are at least rwx--x--x.
While connected to znc using an account with admin rights, send this through your IRC client:
/msg *status loadmod identfile
/msg *identfile setfile ~/.oidentd.conf
/msg *identfile setformat global { reply "%user%" }
This sets the ident reply to be the username (which the user can't change), ensuring that ident replies can't be spoofed by the user.