Setting up oidentd with ZNC

June 9, 2018

Yesterday for some reason I just wanted to get rid of that tilde in front of your real name in IRC. No reason for it at all, really.

So where does that tilde come from, really? In a lot of modern IRCds, like charybdis (which I use), the tilde means not identified through ident. Which is fine, considering that ident runs on TCP 113, so identd can’t be run as a not root user.

Well, unless you patch your kernel to allow normal users to bind to any port, but meh, despite how much of a good idea that is, I don’t wanna do it ATM. And no, it’s not ‘cause I somehow uphold an argument against it (well, so far I haven’t found any logical arguments against it), but it’s because I’m quite lazy. I hope that’s a good enough excuse, because maintaining a custom kernel package can be tedious…

So, now that we’ve got over why ident isn’t worth it practically, let’s go actually set it up with ZNC. In ZNC the generic process is documented here. However, note the slight problem!

/msg *identfile setformat global { reply "%user%" }

ZNC is replying with the name of the user connecting, not the actual ident field as specified within the user’s config. When such a field is reserved specifically for the ident, why reply with the username in the first place? So let’s fix that.

/msg *identfile setformat global { reply "%ident%" }

This is pretty easy, due to the amazing documentation on ExpandString within ZNC’s wiki.

Also, the reason why you’d want to do this is because the ident also determines your realname. In some IRCds, whether you can get operator status may depend on what your realname currently is (which is a bit of a crappy thing, but it is a thing anyway). So if you have different realnames across networks, you’d want to be able to tweak the ident field for each network to get your OPER requests to work. I’m not sure why this is (especially with an ident, why not a nick?), especially considering you can tell whether a person is an IRCOp by WHOISing them, but it is so in many default server configs.

With that said, you’re done on ZNC’s side. Now into the shell. With oidentd, it’s possible to make ident only work for ZNC. For every other user it’ll simply give no response.

default {
    default {
        force hide
user "znc" {
    default {
        allow spoof
        allow spoof_all

That’s the oidentd.conf(5) I used to accomplish this. So yeah, now start oidentd up. It should simply work.

(Note that if you are connecting to a network in which you are an IRCOp and it requires a specific username, you might need to request that the tilde-less name gets added. This is ‘cause a lot of IRCds also care about whether the realname has a tilde or not. Just one of the few IRCd management skills I obtained from being the person running aonet)

Once you’re done running /znc disconnect and /znc connect, you should be able to get a tilde-less name in your /whois!

Nice, right? Totally useless, but nice.