This authentication method is the preferred solution for environments where:
Authentication must be a "hidden" process without entering a username and password.
The proxy service must operate in transparent mode.
Usernames will be used only for logging rather than for authentication.
The identd authentication method requires an identd service or daemon running on the client. Unlike other authentication methods, identd comes without the "Global authentication settings" section.
In addition to authentication, you can define positive or negative user-based access control lists.
Most Linux-based clients already have an ident daemon (identd) installed by default.
For Windows clients, there are several free identd implementations available. This one works for Windows XP and Vista: rndware's Windows Ident Server
Port 113 (TCP) must be opened on client-based firewalls.
Require identd authentication. By default, identd authentication will not be mandatory. This configuration can be useful for logging purposes. If you want to use identd for enforced authentication, this option must be enabled. Access for clients which don't authenticate using identd will be denied.
The proxy cannot run in transparent mode when using identd authentication.
Require authentication for unrestricted source addresses. If "Require ident authentication" is enabled, authentication will also be required for unrestricted IP addresses. If you don't want to require authentication for unrestricted addresses, untick this box.
Ident timeout. Maximum time in seconds for the Proxy to wait for ident lookups to be completed.
Ident aware hosts. This enables ident lookups for the listed client addresses. Client addresses that are not listed here will not receive ident requests.
Unlisted clients will gain access without authentication, even if the option "Require ident authentication" is enabled.
Destinations without authentication (optional). This allows you to define a list of destinations that can be accessed without authentication.
Any domains listed here are destination DNS domains and not source Windows NT domains.
Examples:
Entire domains and subdomains
*.example.net
*.google.com
Single hosts
www.example.net
www.google.com
IP addresses
81.169.145.75
74.125.39.103
URLs
www.example.net/download
www.google.com/images
You can enter all of these destination types in any order.
Enabled. Enables access control lists for authorized or unauthorized users.
Use positive access control / Authorized users. The users listed here will be allowed web access. For all other users, access will be denied.
Use negative access control / Unauthorized users. The listed users will be blocked from web access. For all other users, access will be allowed.
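The options above interact, and the ident aware hosts list decides whether the require option applies to a client at all. The following Python model of that decision is an added example, not the proxy's own code. Its class and function names, the evaluation order, the destination matching rules and the handling of access control lists when no user name is returned are assumptions, and the unrestricted source address option is left out.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class IdentPolicy:                      # hypothetical names mirroring the options above
    require_ident: bool = False         # "Require identd authentication"
    ident_aware_hosts: list = field(default_factory=list)     # IPs or CIDR networks
    noauth_destinations: list = field(default_factory=list)   # destinations without authentication
    acl_mode: str = "off"               # "off", "positive" or "negative"
    acl_users: set = field(default_factory=set)

def destination_exempt(policy, target):
    """target is 'host' or 'host/path' (no scheme), as in the page's examples."""
    target = target.lower()
    host = target.split("/", 1)[0]
    for entry in (e.lower() for e in policy.noauth_destinations):
        if entry.startswith("*."):      # entire domain and its subdomains
            if host == entry[2:] or host.endswith(entry[1:]):
                return True
        elif "/" in entry:              # URL, matched here as a path prefix
            if target == entry or target.startswith(entry + "/"):
                return True
        elif host == entry:             # single host or IP address
            return True
    return False

def decide(policy, client_ip, ident_user, target):
    """ident_user: name returned by the client's identd, or None (no reply / timeout)."""
    if destination_exempt(policy, target):
        return "allow", "destination exempt"
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in ipaddress.ip_network(n) for n in policy.ident_aware_hosts):
        # Unlisted clients get no ident request and pass even when ident is required.
        return "allow", "client not ident aware"
    if ident_user is None:
        if policy.require_ident:
            return "deny", "no ident reply"
        return "allow", "anonymous"     # assumption: ACLs need a user name to apply
    if policy.acl_mode == "positive" and ident_user not in policy.acl_users:
        return "deny", "user not authorized"
    if policy.acl_mode == "negative" and ident_user in policy.acl_users:
        return "deny", "user unauthorized"
    return "allow", "user " + ident_user

# Constructed sample policy (not taken from a real deployment).
POLICY = IdentPolicy(require_ident=True, ident_aware_hosts=["192.168.1.0/24"],
                     noauth_destinations=["*.example.net", "www.google.com/images"],
                     acl_mode="negative", acl_users={"guest"})
```

Calling `decide(POLICY, "192.168.2.10", None, "www.example.org")` returns an allow for a client outside the ident aware range, which is the case to review when identd is meant to be enforced for every client.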