# $Header: /usr/src/nidentd-2.0/RCS/INSTALL,v 2.0 92/05/04 17:42:45 nigelm Exp $

Building and installation Instrcutions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Caveat
------
   This code is intended to run in a privaleged state - ie with root
   privaleges, or at least enough privaleges to read /dev/kmem.
   You owe it to yourself to at least look at the code - does it
   do anything untoward, does it write files, does it read
   information that it shouldn't do.  I've tried to make the code
   at least understandable, and I suggest you have a go before handing
   me the keys to your computer!  I also strongly advise you to 
   compile your own copy up from the source code - you never
   know what I packaged with this kit :-).
   Caveat-installer!
   
Building
--------
1. Check the Makefile
   Uncomment the options for your machine type,
   and comment them for everything else!
   [They are correct for a NeXT]
   (If your machine is not directly supported then guess!)

2. Check the paths.h file and modify if necessary.
 
3. Type "make"
   You will almost certainly get warnings related to argument
   passing between pointers and integers etc.  These can be
   ignored (tacky I know!).

4. You will now have identd, tcpuname, tcpuid and libauth-4.0/authuser.o
   built (the last is a library for using the identd).

Initial Testing
---------------
0. You need to be doing this from an account that has sufficient
   privalege to read /dev/kmem - on a NeXT this means you must
   be root or in group kmem.

1. (Easy Way!)
   Run netstatuser in the build directory - "make initialtest".
   If this gives a list of connections, each with an appropriate user
   on it then most everything is working!
   Reasons for failing:-
	tcpuname hasn't built properly
	You cannot read /dev/kmem
	Bugs!
  If this works you can skip 2!

2. Alternate way - use tcpuname & tcpuid on an existing connection.
   Again you need to be able to read kmem

Installation
------------
1. "make install" should put things in the right place.
   You will need to be root to do this.
   (Check the Makefile to see if you approve).

2. Edit /etc/services and make sure that there is a line like this:-
   "ident 113/tcp auth"

3. On a NeXT make sure that services is loaded up into netinfo using
   "niload -v services . </etc/services" or by using NetInfoManager.
   You could load this into the root domain - but be careful!

4. Edit the file /etc/inetd.conf to contain a line (you can replace "root" 
   with a user with enough rights to READ the kernel memory.
   "root" will work fine on a NeXT - you aren't giving away
   any extra privaleges.  However an alternative is to make a
   user in the kmem group (or with kmem as one of their other
   group IDs) and substitute that user for root.

     ident     stream  tcp  nowait  root   /usr/etc/identd    identd

4. Restart the inetd (a SIGHUP should work).

5. If you want normal users to be able to interrogate connections,
   and so use the netstatuser program etc, then you need to make
   identd setgid to the kmem group.
   	make setgid
   will do this, but be aware that this may open security holes -
   I'm not saying it does, but I have not thought this through!
   
Installation Testing
--------------------
1. "make finaltest"
   Will make and run Dan's test program - this needs the authuser library
   to be installed.
   After the compiler warnings(!) you should see something like this
	system says host is 144.32.136.37
	authuser says host is 144.32.136.37
	system says username is nigelm
	authd says username is nigelm
	Everything looks okay to me.

