2.10.2. identd Authentication

This authentication method is the preferred solution for environments where:

The identd authentication method requires an identd service or daemon running on the client. Unlike other authentication methods, identd comes without the Global authentication settings section.

identd Authentication section

In addition to the authentication you can define positive or negative user based access control lists. Client-side prerequisites

Most Linux based clients already have an ident daemon (identd) installed by default.

For Windows clients, there are several free identd implementations available. This one works for Windows XP and Vista: rndware's Windows Ident Server


Port 113 (TCP) must be opened on client based firewalls. Common identd settings

Common identd settings section

Require identd authentication By default, identd authentication will not be mandatory. This configuration can be useful for logging purposes. If you want to use identd for enforced authentication, this option must be enabled. Access for clients which don't authenticate using identd will be denied.


The proxy cannot run in transparent mode when using identd authentication.

Require authentication for unrestricted source addresses If Require ident authentication is enabled, authentication will be also required for unrestricted IP addresses. If you don't want to require authentication for unrestricted addresses, untick this box.

Ident timeout Maximum time in seconds for the Proxy to wait for ident lookups to be completed.

Ident aware hosts This enables ident lookups for the listed client addresses. Client addresses that are not listed here will not receive ident requests.


Unlisted clients will gain access without authentication, even if the option Require ident authentication is enabled.

Destinations without authentication (optional).  This allows you to define a list of destinations that can be accessed without authentication.


Any domains listed here are destination DNS domains and not source Windows NT domains.


Entire domains and subdomains


Single hosts


IP addresses




You can enter all of these destination types in any order. User based access restrictions

User based access restrictions section

Enabled Enables access control lists for authorized or unauthorized users.

Use positive access control / Authorized users The users listed here will be allowed web access. For all other users, access will be denied.

Use negative access control / Unauthorized users The listed users will be blocked from web access. For all other users, access will be allowed.