1.\" Copyright (c) 1985, 1991, 1993, 1994 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" from: @(#)inetd.8 8.3 (Berkeley) 4/13/94 29.\" $FreeBSD$ 30.\" 31.Dd January 12, 2008 32.Dt INETD 8 33.Os 34.Sh NAME 35.Nm inetd 36.Nd internet 37.Dq super-server 38.Sh SYNOPSIS 39.Nm 40.Op Fl d 41.Op Fl l 42.Op Fl w 43.Op Fl W 44.Op Fl c Ar maximum 45.Op Fl C Ar rate 46.Op Fl a Ar address | hostname 47.Op Fl p Ar filename 48.Op Fl R Ar rate 49.Op Fl s Ar maximum 50.Op Ar configuration file 51.Sh DESCRIPTION 52The 53.Nm 54utility should be run at boot time by 55.Pa /etc/rc 56(see 57.Xr rc 8 ) . 58It then listens for connections on certain 59internet sockets. 60When a connection is found on one 61of its sockets, it decides what service the socket 62corresponds to, and invokes a program to service the request. 63The server program is invoked with the service socket 64as its standard input, output and error descriptors. 65After the program is 66finished, 67.Nm 68continues to listen on the socket (except in some cases which 69will be described below). 70Essentially, 71.Nm 72allows running one daemon to invoke several others, 73reducing load on the system. 74.Pp 75The following options are available: 76.Bl -tag -width indent 77.It Fl d 78Turn on debugging. 79.It Fl l 80Turn on logging of successful connections. 81.It Fl w 82Turn on TCP Wrapping for external services. 83See the 84.Sx "IMPLEMENTATION NOTES" 85section for more information on TCP Wrappers support. 86.It Fl W 87Turn on TCP Wrapping for internal services which are built in to 88.Nm . 89.It Fl c Ar maximum 90Specify the default maximum number of 91simultaneous invocations of each service; 92the default is unlimited. 93May be overridden on a per-service basis with the "max-child" 94parameter. 95.It Fl C Ar rate 96Specify the default maximum number of times a service can be invoked 97from a single IP address in one minute; the default is unlimited. 98May be overridden on a per-service basis with the 99"max-connections-per-ip-per-minute" parameter. 100.It Fl R Ar rate 101Specify the maximum number of times a service can be invoked 102in one minute; the default is 256. 103A rate of 0 allows an unlimited number of invocations. 104.It Fl s Ar maximum 105Specify the default maximum number of 106simultaneous invocations of each service from a single IP address; 107the default is unlimited. 108May be overridden on a per-service basis with the "max-child-per-ip" 109parameter. 110.It Fl a 111Specify one specific IP address to bind to. 112Alternatively, a hostname can be specified, 113in which case the IPv4 or IPv6 address 114which corresponds to that hostname is used. 115Usually a hostname is specified when 116.Nm 117is run inside a 118.Xr jail 8 , 119in which case the hostname corresponds to that of the 120.Xr jail 8 121environment. 122.Pp 123When the hostname specification is used 124and both IPv4 and IPv6 bindings are desired, 125one entry with the appropriate 126.Em protocol 127type for each binding 128is required for each service in 129.Pa /etc/inetd.conf . 130For example, 131a TCP-based service would need two entries, 132one using 133.Dq tcp4 134for the 135.Em protocol 136and the other using 137.Dq tcp6 . 138See the explanation of the 139.Pa /etc/inetd.conf 140.Em protocol 141field below. 142.It Fl p 143Specify an alternate file in which to store the process ID. 144.El 145.Pp 146Upon execution, 147.Nm 148reads its configuration information from a configuration 149file which, by default, is 150.Pa /etc/inetd.conf . 151There must be an entry for each field of the configuration 152file, with entries for each field separated by a tab or 153a space. 154Comments are denoted by a 155.Dq # 156at the beginning 157of a line. 158There must be an entry for each field. 159The 160fields of the configuration file are as follows: 161.Pp 162.Bd -unfilled -offset indent -compact 163service-name 164socket-type 165protocol 166{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]] 167user[:group][/login-class] 168server-program 169server-program-arguments 170.Ed 171.Pp 172To specify an 173.Tn "ONC RPC" Ns -based 174service, the entry would contain these fields: 175.Pp 176.Bd -unfilled -offset indent -compact 177service-name/version 178socket-type 179rpc/protocol 180{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]] 181user[:group][/login-class] 182server-program 183server-program-arguments 184.Ed 185.Pp 186There are two types of services that 187.Nm 188can start: standard and TCPMUX. 189A standard service has a well-known port assigned to it; 190it may be a service that implements an official Internet standard or is a 191.Bx Ns -specific 192service. 193As described in 194.Tn RFC 1078 , 195TCPMUX services are nonstandard services that do not have a 196well-known port assigned to them. 197They are invoked from 198.Nm 199when a program connects to the 200.Dq tcpmux 201well-known port and specifies 202the service name. 203This feature is useful for adding locally-developed servers. 204TCPMUX requests are only accepted when the multiplexor service itself 205is enabled, above and beyond and specific TCPMUX-based servers; see the 206discussion of internal services below. 207.Pp 208The 209.Em service-name 210entry is the name of a valid service in 211the file 212.Pa /etc/services , 213or the specification of a 214.Ux 215domain socket (see below). 216For 217.Dq internal 218services (discussed below), the service 219name 220should 221be the official name of the service (that is, the first entry in 222.Pa /etc/services ) . 223When used to specify an 224.Tn "ONC RPC" Ns -based 225service, this field is a valid RPC service name listed in 226the file 227.Pa /etc/rpc . 228The part on the right of the 229.Dq / 230is the RPC version number. 231This 232can simply be a single numeric argument or a range of versions. 233A range is bounded by the low version to the high version - 234.Dq rusers/1-3 . 235For TCPMUX services, the value of the 236.Em service-name 237field consists of the string 238.Dq tcpmux 239followed by a slash and the 240locally-chosen service name. 241The service names listed in 242.Pa /etc/services 243and the name 244.Dq help 245are reserved. 246Try to choose unique names for your TCPMUX services by prefixing them with 247your organization's name and suffixing them with a version number. 248.Pp 249The 250.Em socket-type 251should be one of 252.Dq stream , 253.Dq dgram , 254.Dq raw , 255.Dq rdm , 256or 257.Dq seqpacket , 258depending on whether the socket is a stream, datagram, raw, 259reliably delivered message, or sequenced packet socket. 260TCPMUX services must use 261.Dq stream . 262.Pp 263The 264.Em protocol 265must be a valid protocol or 266.Dq unix . 267Examples are 268.Dq tcp 269or 270.Dq udp , 271both of which imply IPv4 for backward compatibility. 272The names 273.Dq tcp4 274and 275.Dq udp4 276specify IPv4 only. 277The names 278.Dq tcp6 279and 280.Dq udp6 281specify IPv6 only. 282The names 283.Dq tcp46 284and 285.Dq udp46 286specify that the entry accepts both IPv4 and IPv6 connections 287via a wildcard 288.Dv AF_INET6 289socket. 290Rpc based services 291are specified with the 292.Dq rpc/tcp 293or 294.Dq rpc/udp 295service type. 296One can use specify IPv4 and/or IPv6 with the 4, 6 or 46 suffix, for example 297.Dq rpc/tcp6 298or 299.Dq rpc/udp46 . 300TCPMUX services must use 301.Dq tcp , 302.Dq tcp4 , 303.Dq tcp6 304or 305.Dq tcp46 . 306.Pp 307The 308.Em wait/nowait 309entry specifies whether the server that is invoked by 310.Nm 311will take over 312the socket associated with the service access point, and thus whether 313.Nm 314should wait for the server to exit before listening for new service 315requests. 316Datagram servers must use 317.Dq wait , 318as they are always invoked with the original datagram socket bound 319to the specified service address. 320These servers must read at least one datagram from the socket 321before exiting. 322If a datagram server connects 323to its peer, freeing the socket so 324.Nm 325can receive further messages on the socket, it is said to be 326a 327.Dq multi-threaded 328server; 329it should read one datagram from the socket and create a new socket 330connected to the peer. 331It should fork, and the parent should then exit 332to allow 333.Nm 334to check for new service requests to spawn new servers. 335Datagram servers which process all incoming datagrams 336on a socket and eventually time out are said to be 337.Dq single-threaded . 338The 339.Xr comsat 8 340and 341.Xr talkd 8 342utilities are examples of the latter type of 343datagram server. 344The 345.Xr tftpd 8 346utility is an example of a multi-threaded datagram server. 347.Pp 348Servers using stream sockets generally are multi-threaded and 349use the 350.Dq nowait 351entry. 352Connection requests for these services are accepted by 353.Nm , 354and the server is given only the newly-accepted socket connected 355to a client of the service. 356Most stream-based services operate in this manner. 357Stream-based servers that use 358.Dq wait 359are started with the listening service socket, and must accept 360at least one connection request before exiting. 361Such a server would normally accept and process incoming connection 362requests until a timeout. 363TCPMUX services must use 364.Dq nowait . 365.Pp 366The maximum number of outstanding child processes (or 367.Dq threads ) 368for a 369.Dq nowait 370service may be explicitly specified by appending a 371.Dq / 372followed by the number to the 373.Dq nowait 374keyword. 375Normally 376(or if a value of zero is specified) there is no maximum. 377Otherwise, 378once the maximum is reached, further connection attempts will be 379queued up until an existing child process exits. 380This also works 381in the case of 382.Dq wait 383mode, although a value other than one (the 384default) might not make sense in some cases. 385You can also specify the maximum number of connections per minute 386for a given IP address by appending 387a 388.Dq / 389followed by the number to the maximum number of 390outstanding child processes. 391Once the maximum is reached, further 392connections from this IP address will be dropped until the end of the 393minute. 394In addition, you can specify the maximum number of simultaneous 395invocations of each service from a single IP address by appending a 396.Dq / 397followed by the number to the maximum number of outstanding child 398processes. 399Once the maximum is reached, further connections from this 400IP address will be dropped. 401.Pp 402The 403.Em user 404entry should contain the user name of the user as whom the server 405should run. 406This allows for servers to be given less permission 407than root. 408The optional 409.Em group 410part separated by 411.Dq \&: 412allows a group name other 413than the default group for this user to be specified. 414The optional 415.Em login-class 416part separated by 417.Dq / 418allows specification of a login class other 419than the default 420.Dq daemon 421login class. 422.Pp 423The 424.Em server-program 425entry should contain the pathname of the program which is to be 426executed by 427.Nm 428when a request is found on its socket. 429If 430.Nm 431provides this service internally, this entry should 432be 433.Dq internal . 434.Pp 435The 436.Em server-program-arguments 437entry lists the arguments to be passed to the 438.Em server-program , 439starting with argv[0], which usually is the name of 440the program. 441If the service is provided internally, the 442.Em service-name 443of the service (and any arguments to it) or the word 444.Dq internal 445should take the place of this entry. 446.Pp 447Currently, the only internal service to take arguments is 448.Dq auth . 449Without options, the service will always return 450.Dq ERROR\ : HIDDEN-USER . 451The available arguments to this service that alter its behavior are: 452.Bl -tag -width indent 453.It Fl d Ar fallback 454Provide a 455.Ar fallback 456username. 457If the real 458.Dq auth 459service is enabled 460(with the 461.Fl r 462option discussed below), 463return this username instead of an error 464when lookups fail 465for either socket credentials or the username. 466If the real 467.Dq auth 468service is disabled, 469return this username for every request. 470This is primarily useful when running this service on a NAT machine. 471.It Fl g 472Instead of returning 473the user's name to the ident requester, 474report a 475username made up of random alphanumeric characters, 476e.g.\& 477.Dq c0c993 . 478The 479.Fl g 480flag overrides not only the user names, 481but also any fallback name, 482.Pa .fakeid 483or 484.Pa .noident 485files. 486.It Fl t Xo 487.Ar sec Ns Op . Ns Ar usec 488.Xc 489Specify a timeout for the service. 490The default timeout is 10.0 seconds. 491.It Fl r 492Offer a real 493.Dq auth 494service, as per RFC 1413. 495All the remaining flags apply only in this case. 496.It Fl i 497Return numeric user IDs instead of usernames. 498.It Fl f 499If the file 500.Pa .fakeid 501exists in the home directory of the identified user, report the username 502found in that file instead of the real username. 503If the username found in 504.Pa .fakeid 505is that of an existing user, 506then the real username is reported. 507If the 508.Fl i 509flag is also given then the username in 510.Pa .fakeid 511is checked against existing user IDs instead. 512.It Fl F 513same as 514.Fl f 515but without the restriction that the username in 516.Pa .fakeid 517must not match an existing user. 518.It Fl n 519If the file 520.Pa .noident 521exists in the home directory of the identified user, return 522.Dq ERROR\ : HIDDEN-USER . 523This overrides any 524.Pa fakeid 525file which might exist. 526.It Fl o Ar osname 527Use 528.Ar osname 529instead of the name of the system as reported by 530.Xr uname 3 . 531.El 532.Pp 533The 534.Nm 535utility also provides several other 536.Dq trivial 537services internally by use of 538routines within itself. 539These services are 540.Dq echo , 541.Dq discard , 542.Dq chargen 543(character generator), 544.Dq daytime 545(human readable time), and 546.Dq time 547(machine readable time, in the form of the number of seconds since 548midnight, January 1, 1900). 549All of these services are available in 550both TCP and UDP versions; the UDP versions will refuse service if the 551request specifies a reply port corresponding to any internal service. 552(This is done as a defense against looping attacks; the remote IP address 553is logged.) 554For details of these services, consult the 555appropriate 556.Tn RFC 557document. 558.Pp 559The TCPMUX-demultiplexing service is also implemented as an internal service. 560For any TCPMUX-based service to function, the following line must be included 561in 562.Pa inetd.conf : 563.Bd -literal -offset indent 564tcpmux stream tcp nowait root internal 565.Ed 566.Pp 567When given the 568.Fl l 569option 570.Nm 571will log an entry to syslog each time a connection is accepted, noting the 572service selected and the IP-number of the remote requester if available. 573Unless otherwise specified in the configuration file, 574and in the absence of the 575.Fl W 576and 577.Fl w 578options, 579.Nm 580will log to the 581.Dq daemon 582facility. 583.Pp 584The 585.Nm 586utility rereads its configuration file when it receives a hangup signal, 587.Dv SIGHUP . 588Services may be added, deleted or modified when the configuration file 589is reread. 590Except when started in debugging mode, 591or configured otherwise with the 592.Fl p 593option, 594.Nm 595records its process ID in the file 596.Pa /var/run/inetd.pid 597to assist in reconfiguration. 598.Sh IMPLEMENTATION NOTES 599.Ss TCP Wrappers 600When given the 601.Fl w 602option, 603.Nm 604will wrap all services specified as 605.Dq stream nowait 606or 607.Dq dgram 608except for 609.Dq internal 610services. 611If the 612.Fl W 613option is given, such 614.Dq internal 615services will be wrapped. 616If both options are given, wrapping for both 617internal and external services will be enabled. 618Either wrapping option 619will cause failed connections to be logged to the 620.Dq auth 621syslog facility. 622Adding the 623.Fl l 624flag to the wrapping options will include successful connections in the 625logging to the 626.Dq auth 627facility. 628.Pp 629Note that 630.Nm 631only wraps requests for a 632.Dq wait 633service while no servers are available to service requests. 634Once a 635connection to such a service has been allowed, 636.Nm 637has no control 638over subsequent connections to the service until no more servers 639are left listening for connection requests. 640.Pp 641When wrapping is enabled, the 642.Pa tcpd 643daemon is not required, as that functionality is builtin. 644For more information on TCP Wrappers, see the relevant documentation 645.Pq Xr hosts_access 5 . 646When reading that document, keep in mind that 647.Dq internal 648services have no associated daemon name. 649Therefore, the service name 650as specified in 651.Pa inetd.conf 652should be used as the daemon name for 653.Dq internal 654services. 655.Ss TCPMUX 656.Tn RFC 1078 657describes the TCPMUX protocol: 658``A TCP client connects to a foreign host on TCP port 1. 659It sends the 660service name followed by a carriage-return line-feed <CRLF>. 661The 662service name is never case sensitive. 663The server replies with a 664single character indicating positive (+) or negative (\-) 665acknowledgment, immediately followed by an optional message of 666explanation, terminated with a <CRLF>. 667If the reply was positive, 668the selected protocol begins; otherwise the connection is closed.'' 669The program is passed the TCP connection as file descriptors 0 and 1. 670.Pp 671If the TCPMUX service name begins with a 672.Dq + , 673.Nm 674returns the positive reply for the program. 675This allows you to invoke programs that use stdin/stdout 676without putting any special server code in them. 677.Pp 678The special service name 679.Dq help 680causes 681.Nm 682to list the TCPMUX services which are enabled in 683.Pa inetd.conf . 684.Ss IPsec 685The implementation includes a tiny hack 686to support IPsec policy settings for each socket. 687A special form of comment line, starting with 688.Dq Li #@ , 689is interpreted as a policy specifier. 690Everything after the 691.Dq Li #@ 692will be used as an IPsec policy string, 693as described in 694.Xr ipsec_set_policy 3 . 695Each 696policy specifier is applied to all the following lines in 697.Pa inetd.conf 698until the next policy specifier. 699An empty policy specifier resets the IPsec policy. 700.Pp 701If an invalid IPsec policy specifier appears in 702.Pa inetd.conf , 703.Nm 704will provide an error message via the 705.Xr syslog 3 706interface and abort execution. 707.Ss Ux Domain Sockets 708In addition to running services on IP sockets, 709.Nm 710can also manage 711.Ux 712domain sockets. 713To do this you specify a 714.Em protocol 715of 716.Dq unix 717and specify the 718.Ux 719domain socket as the 720.Em service-name . 721The 722.Em service-type 723may be 724.Dq stream 725or 726.Dq dgram . 727The specification of the socket must be 728an absolute path name, 729optionally prefixed by an owner and mode 730of the form 731.Em :user:group:mode: . 732The specification: 733.Pp 734.Dl ":news:daemon:220:/var/run/sock" 735.Pp 736creates a socket owned 737by user 738.Dq news 739in group 740.Dq daemon 741with permissions allowing only that user and group to connect. 742The default owner is the user that 743.Nm 744is running as. 745The default mode only allows the socket's owner to connect. 746.Pp 747.Sy WARNING : 748while creating a 749.Ux 750domain socket, 751.Nm 752must change the ownership and permissions on the socket. 753This can only be done securely if 754the directory in which the socket is created 755is writable only by root. 756Do 757.Em NOT 758use 759.Nm 760to create sockets in world writable directories 761such as 762.Pa /tmp ; 763use 764.Pa /var/run 765or a similar directory instead. 766.Pp 767Internal services may be run on 768.Ux 769domain sockets, in the usual way. 770In this case 771the name of the internal service 772is determined using 773the last component of the socket's pathname. 774For example, specifying a socket named 775.Pa /var/run/chargen 776would invoke the 777.Dq chargen 778service when a connection is received on that socket. 779.Sh "FILES" 780.Bl -tag -width /var/run/inetd.pid -compact 781.It Pa /etc/inetd.conf 782configuration file 783.It Pa /etc/netconfig 784network configuration data base 785.It Pa /etc/rpc 786translation of service names to RPC program numbers 787.It Pa /etc/services 788translation of service names to port numbers 789.It Pa /var/run/inetd.pid 790the pid of the currently running 791.Nm 792.El 793.Sh "EXAMPLES" 794Here are several example service entries for the various types of services: 795.Bd -literal 796ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l 797ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd 798telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd 799shell stream tcp46 nowait root /usr/libexec/rshd rshd 800tcpmux/+date stream tcp nowait guest /bin/date date 801tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook 802rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd 803/var/run/echo stream unix nowait root internal 804#@ ipsec ah/require 805chargen stream tcp nowait root internal 806#@ 807.Ed 808.Sh "ERROR MESSAGES" 809The 810.Nm 811server 812logs error messages using 813.Xr syslog 3 . 814Important error messages and their explanations are: 815.Pp 816.Bl -ohang -compact 817.It Xo 818.Ar service Ns / Ns Ar protocol 819.No "server failing (looping), service terminated." 820.Xc 821The number of requests for the specified service in the past minute 822exceeded the limit. 823The limit exists to prevent a broken program 824or a malicious user from swamping the system. 825This message may occur for several reasons: 826.Bl -enum -offset indent 827.It 828There are many hosts requesting the service within a short time period. 829.It 830A broken client program is requesting the service too frequently. 831.It 832A malicious user is running a program to invoke the service in 833a denial-of-service attack. 834.It 835The invoked service program has an error that causes clients 836to retry quickly. 837.El 838.Pp 839Use the 840.Fl R Ar rate 841option, 842as described above, to change the rate limit. 843Once the limit is reached, the service will be 844reenabled automatically in 10 minutes. 845.Pp 846.It Xo 847.Ar service Ns / Ns Ar protocol : 848.No \&No such user 849.Ar user , 850.No service ignored 851.Xc 852.It Xo 853.Ar service Ns / Ns Ar protocol : 854.No getpwnam : 855.Ar user : 856.No \&No such user 857.Xc 858No entry for 859.Ar user 860exists in the 861.Xr passwd 5 862database. 863The first message 864occurs when 865.Nm 866(re)reads the configuration file. 867The second message occurs when the 868service is invoked. 869.Pp 870.It Xo 871.Ar service : 872.No can't set uid 873.Ar uid 874.Xc 875.It Xo 876.Ar service : 877.No can't set gid 878.Ar gid 879.Xc 880The user or group ID for the entry's 881.Ar user 882field is invalid. 883.Pp 884.It "setsockopt(SO_PRIVSTATE): Operation not supported" 885The 886.Nm 887utility attempted to renounce the privileged state associated with a 888socket but was unable to. 889.Pp 890.It Xo unknown 891.Ar rpc/udp 892or 893.Ar rpc/tcp 894.Xc 895No entry was found for either 896.Ar udp 897or 898.Ar tcp 899in the 900.Xr netconfig 5 901database. 902.Pp 903.It Xo unknown 904.Ar rpc/udp6 905or 906.Ar rpc/tcp6 907.Xc 908No entry was found for either 909.Ar udp6 910or 911.Ar tcp6 912in the 913.Xr netconfig 5 914database. 915.El 916.Sh SEE ALSO 917.Xr ipsec_set_policy 3 , 918.Xr hosts_access 5 , 919.Xr hosts_options 5 , 920.Xr login.conf 5 , 921.Xr netconfig 5 , 922.Xr passwd 5 , 923.Xr rpc 5 , 924.Xr services 5 , 925.Xr comsat 8 , 926.Xr fingerd 8 , 927.Xr ftpd 8 , 928.Xr rlogind 8 , 929.Xr rpcbind 8 , 930.Xr rshd 8 , 931.Xr talkd 8 , 932.Xr telnetd 8 , 933.Xr tftpd 8 934.Rs 935.%A Michael C. St. Johns 936.%T Identification Protocol 937.%O RFC1413 938.Re 939.Sh HISTORY 940The 941.Nm 942utility appeared in 943.Bx 4.3 . 944TCPMUX is based on code and documentation by Mark Lottor. 945Support for 946.Tn "ONC RPC" 947based services is modeled after that 948provided by 949.Tn SunOS 9504.1. 951The IPsec hack was contributed by the KAME project in 1999. 952The 953.Fx 954TCP Wrappers support first appeared in 955.Fx 3.2 . 956