2.10.2. identd Authentication

This authentication method is the preferred solution for environments where:

The identd authentication method requires an identd service or daemon running on the client. Unlike other authentication methods, identd comes without the “Global authentication settings” section.

Figure: identd Authentication section

In addition to authentication, you can define positive or negative user-based access control lists.

2.10.2.1. Client-side prerequisites

Most Linux-based clients already have an ident daemon (identd) installed by default.

For Windows clients, there are several free identd implementations available. This one works for Windows XP and Vista: rndware's Windows Ident Server

Note

Port 113 (TCP) must be opened on client-based firewalls.
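To check that a client's identd is reachable and answers correctly before enforcing authentication, the lookup can be reproduced by hand. The following is an added example, not part of the original documentation or the proxy's own code: a minimal RFC 1413 query and reply parser, where the function names and the sample ports 6193 (client source port) and 3128 (proxy port) are assumptions.

```python
import socket

def build_query(client_src_port, proxy_port):
    """RFC 1413 request: <port on the identd host>, <port on the querying host>."""
    return f"{client_src_port}, {proxy_port}\r\n".encode("ascii")

def parse_reply(line, client_src_port, proxy_port):
    """Return (user, error); exactly one of the two is None."""
    text = line.decode("ascii", "replace").rstrip("\r\n")
    parts = text.split(":", 3)          # the user id itself may contain ':'
    if len(parts) < 3:
        return None, "MALFORMED"
    try:
        ports = tuple(int(p) for p in parts[0].split(","))
    except ValueError:
        return None, "MALFORMED"
    if ports != (client_src_port, proxy_port):
        return None, "PORT-MISMATCH"    # reply is about some other connection
    kind = parts[1].strip().upper()
    if kind == "ERROR":
        return None, parts[2].strip() or "UNKNOWN-ERROR"
    if kind != "USERID" or len(parts) != 4:
        return None, "MALFORMED"
    # RFC 1413 counts spaces after the last colon as part of the name;
    # this example strips them, which is an assumption about the consumer.
    user = parts[3].strip()
    return (user, None) if user else (None, "MALFORMED")

def ident_lookup(client_ip, client_src_port, proxy_port, timeout=10.0):
    """Query the client's identd on TCP 113, giving up after `timeout` seconds."""
    try:
        with socket.create_connection((client_ip, 113), timeout=timeout) as s:
            s.sendall(build_query(client_src_port, proxy_port))
            data = b""
            while not data.endswith(b"\n") and len(data) < 1024:
                chunk = s.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError as exc:              # refused, filtered, or timed out
        return None, f"UNREACHABLE ({exc})"
    return parse_reply(data, client_src_port, proxy_port)

if __name__ == "__main__":
    # Constructed replies (not captured traffic); ports 6193 and 3128 are assumptions.
    for raw in (b"6193, 3128 : USERID : UNIX : alice\r\n",
                b"6193, 3128 : ERROR : NO-USER\r\n",
                b"6193, 80 : USERID : UNIX : alice\r\n"):
        print(raw, "->", parse_reply(raw, 6193, 3128))
```

Queried for a port pair with no live connection, a working identd answers with an ERROR reply such as NO-USER, while an UNREACHABLE result points at the firewall rule for port 113. The returned name is whatever the client's daemon reports, so it is only as trustworthy as the client host.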

2.10.2.2. Common identd settings

Figure: Common identd settings section

Require identd authentication

By default, identd authentication is not mandatory. This configuration can be useful for logging purposes. If you want to use identd for enforced authentication, this option must be enabled. Access for clients which don't authenticate using identd will be denied.

Note

The proxy cannot run in transparent mode when using identd authentication.

Require authentication for unrestricted source addresses

If “Require ident authentication” is enabled, authentication will also be required for unrestricted IP addresses. If you don't want to require authentication for unrestricted addresses, untick this box.

Ident timeout

Maximum time in seconds for the proxy to wait for ident lookups to be completed.

Ident aware hosts

This enables ident lookups for the listed client addresses. Client addresses that are not listed here will not receive ident requests.

Note

Unlisted clients will gain access without authentication, even if the option “Require ident authentication” is enabled.

Destinations without authentication (optional)

This allows you to define a list of destinations that can be accessed without authentication.

Note

Any domains listed here are destination DNS domains and not source Windows NT domains.

Examples:

Entire domains and subdomains

*.example.net
*.google.com

Single hosts

www.example.net
www.google.com

IP addresses

81.169.145.75
74.125.39.103

URLs

www.example.net/download
www.google.com/images

Note

You can enter all of these destination types in any order.

2.10.2.3. User based access restrictions

Figure: User based access restrictions section

Enabled

Enables access control lists for authorized or unauthorized users.

Use positive access control / Authorized users

The users listed here will be allowed web access. For all other users, access will be denied.

Use negative access control / Unauthorized users

The listed users will be blocked from web access. For all other users, access will be allowed.