actually i have one more possible use case:

remember fwtk? i have an authenticating version of plug-gw. the way
it works: as a connection attempt is done, the proxy requests authentication
from authsrv via standard "authorize" command. Which, in turn, makes a
lookup if host/username pair matches active OOB authentication session and
if yes, requests keepalive/confirmation from it and given it is ok
grants connection right. Well, it requires *username* to be known.
Why not to request it via identd?

firewall-wizards mailing list