pimpd - Peter's Ident Masquerading Program Daemon v0.8

	Copyright (c) 2000-2001 Peter Nelson <peter@cats.meow.at>
	http://cats.meow.at/~peter/pimpd.html


DESCRIPTION
	
	A hopefully RFC1413 compliant identd server with masqueraded
	connections support, designed to be executed from inetd.

	Pimpd is licensed under the terms of the GNU General Public
	License.


CHANGES

	0.7 -> 0.8

	* Changed -f to only reply with fakeid on an error.
	* Added -a to always respond with the fakeid.

	0.6 -> 0.7

	* Added -f <name> option to always respond with a specified userid.
	* Added -x option to respond with the IP address in hexadecimal form
	  if request is to be forwarded.
	* Code cleanups.

	0.5 -> 0.6

	* Added -g to automatically determine gateway address from
	  the routing table.

	0.4 -> 0.5

	* Request forwarding code cleaned up and fixed by Doug Lim
	  <dlim@enteract.com>.
	
	0.3 -> 0.4
	
	* Added support for Linux 2.4.x connection tracking.
	* Restructured code.

	IP Masquerade support has not been tested in this release. Let
	me know if there's any problems.

	0.2 -> 0.3

	* Added ~/.noident support. Simply touch ~/.noident to cause
	  pimpd to withhold username.
	* Corrected masqueraded port numbers to be what the client
	  expects them to be.

	0.1 -> 0.2

	* Change from using int to in_addr for variables storing IPs.
	* Updated masquerade error output to be RFC compliant.
	* Dropped or timed out connections are now logged.
	   

ARGUMENTS
	
	-h
	
	-h shows brief usage information for pimpd.
	
	-t <timeout>

	The default connection timeout of 60 seconds can be overrided with
	the -t option, with a parameter specified in seconds. Legal RFC1413
	compliant values are within the range of 60 to 180 seconds although
	pimpd does not do bounds checking on this value.

	-m <host>
	
	The -m option is used on the client machines behind the masquerading
	server to specify which host to accept ident requests from
	unconditionally. The host must be given in dotted IP form (e.g.
	192.168.0.1). Normally the daemon will respond with an error message
	to requests where the originating IP of the request does not match
	the IP address for the requested ports. This option should not be
	used on the masquerading server itself, but it is required for the
	client machines otherwise the masquerading functionality will not
	work.

	-g

	Specifying -g will tell pimpd to get the IP of the masquerading server
	from the default gateway in the routing table.

INSTALLATION

	Type `make` to compile the daemon, and `make install` to install it
	to /usr/sbin/pimpd. Please let me know if you have any problems
	compiling the source. Pimpd should be executed from inetd. The
	following lines could be inserted into /etc/inetd.conf.
	
	auth stream tcp nowait nobody /usr/sbin/pimpd pimpd

	This will run pimpd with the default timeout of 60 seconds.

	auth stream tcp nowait nobody /usr/sbin/pimpd pimpd -m 192.168.1.2

	This line will allow a pimpd daemon running on the IP masquerading
	host at 192.168.1.2 to perform trusted lookups for any port pair.


NOTES

	Pimpd logs connections using syslog via the AUTHPRIV facility.


BUGS

	Seriously?
