oidentd is a project by Janik Rabe. Downloads and more information are available from the project page. View project

Identification vs. Authentication

The Ident protocol was designed for identification, not authentication. Please don't use it for access control.

The primary purpose of the Ident protocol is to serve as an auditing and abuse prevention mechanism. For example, many IRC servers act as Ident clients, querying and publicly displaying users' Ident replies. This allows providers of IRC bouncers, shell accounts and other services to identify users abusing their systems and enables channel operators and network operators to remove individual users without excluding their entire host or network.

Ident queries and replies are sent as plain text, with no encryption or authentication, and can be intercepted or modified by an attacker. In addition, it is not possible to prevent compromised or malicious hosts from sending arbitrary Ident replies. For these reasons, the Ident protocol is not suitable for authentication or access control.