Red Hat Bugzilla – Bug 6528
Lots of in.identd processes hanging around
Last modified: 2008-05-01 11:37:52 EDT
pidentd includes a /etc/rc.d/init.d/pidentd script, but
there is no associated rpm script in postun to run
/sbin/chkconfig. This makes pidentd run as in.identd, from
/etc/inetd.conf (the relevent line is enabled by default)
However, after a single ident query, this causes lots of
in.identd processes to be created:
~# ps ax | grep -j ident
1705 ? S 0:00 [in.identd]
1706 ? S 0:00 [in.identd]
1707 ? S 0:00 [in.identd]
1708 ? S 0:00 [in.identd]
1709 ? S 0:00 [in.identd]
1710 ? S 0:00 [in.identd]
1711 ? S 0:00 [in.identd]
1712 ? S 0:00 [in.identd]
1713 ? S 0:00 [in.identd]
1714 ? S 0:00 [in.identd]
1715 ? S 0:00 [in.identd]
2029 pts/0 S 0:00 grep -i ident
stracing the original process, 1705, shows that it is
waiting in accept, and answers if i manually telnet to the
ident port, then the strace exits with:
rt_sigprocmask(SIG_SETMASK, NULL, [RT_0], 8) = 0
rt_sigsuspend( <unfinished ...>
--- SIGRT_0 (Real-time signal 0) ---
Is this an strace bug? stracing the other processes cause
strace to quite immediately.
I've tried adding the -w option to the ident line in
/etc/inetd.conf, even though the man page mentions that this
should be autodetected, but this doesn't help.
in.identd is now multiply threaded so seeing more than one process
is normal. The number of threads used can be changed in
/etc/identd.conf where the default is
#-- Maximum number of threads doing kernel lookups
kernel:threads = 8
You can either use the new /etc/rc.d/init.d/pidentd script (disabled
by default so there's no rpm %post script to run chkconfig) or the
older inetd method to start the daemon (enabled by default), but you
should not use both methods.
Dunno what strace does with multiply threaded programs ...
You might check /usr/doc/pidentd-3.0.3 fro more details about how
to start the daemon.
I was only using it from inetd. The initscript commant was just an
The point of spawning it from inted is that the process doesn't need
to be running all the time. All the processes were started up from
inetd - ie in the default configuration. If the threading support does
this, then surely it should be turned off by default?
Check your inetd.conf line -- it should look like
auth stream tcp wait root /usr/sbin/in.identd in.identd -e -o
(/etc/inetd.conf is marked %config(noreplace) -- that means that an
upgrade of netkit-base does *not* change the file and cannot change
the flags by which identd is started by inetd).
Yep, thats what it says. The docs advised that when using wait, -w
could be used, but it should be autodetected. This didn't make a
I've fixed it by either running identd in daemon mode, or appending
the -w to the inetd.conf:
auth stream tcp wait root /usr/sbin/in.identd in.identd
-e -o -w
It does not seem to detect daemon/inetd mode in the RH61 releas.
BTW: if -w does not work for you, try killall identd;killall -1 inetd
Uh oh, me again speaking before closely examining. My problems with
identd were of a different kind. Adding the -w option only lead to me
SIGHUPping inetd, which seem to fix some race conditions with an
already running identd outside of inetd. This lead to identd "HANGS"
resembling starting identd in a daemon mode from inetd.
------- Additional Comments From 11/01/99 14:26 -------
I am on dial up and do not want to run identd as a daemon. I have
always run it via inetd in the past but even with -w appended to the
auth entry in /etc/inetd.conf and a -HUP of inetd it keeps spawning 11
procs. The first is running as user nobody, as it should I gather,
but then it's spawning a child as root and that child is spawning the
rest running as root. They do not close themselves after an
I tried setting 'kernel:threads = 1' in /etc/identd.conf but it still
spawns 1 as nobody and 3 as root. As before they seem to remain
Whats about changing the "wait" in /etc/inetd.conf to "nowait"?
I changed the identd line in inetd.conf to "nowait", since it makes
little sense to have a lot of identd running when you dial up
occasionnaly. This seems to work fine.
nowait doesn't work. It appears to, but after I while I end up with a lot of
in.ident processes. It got up to forty processes at one stage.
*** Bug 8020 has been marked as a duplicate of this bug. ***
Shouldn't there be a -i option on in.identd when it is started from inetd with
wait? That seems to have solved it for me.
auth stream tcp wait root /usr/sbin/in.identd in.identd -e -o -i
Actually, I meant 'nowait', and no, it doesn't really work either.
The only solution I have found is to uninstall pidentd, get the pidentd from
RH6.0 (pidentd-2.8.5-3), install it, and change the inetd.conf entry:
auth stream tcp nowait nobody /usr/sbin/in.identd in.identd -l -e
This new pidentd really needs to be a wrapper which can call either the threaded
or unthreaded versions depending either on command line options, or identd.conf
(preferably a command line flag (-i) would force the old behavior, and
identd.conf would only be used by the threaded version).
This is more of a legacy inetd configuration problem than a pidentd problem.
This has been fixed in recent releases, where identd no longer runs from inetd