The question here is 'trust'. Why bother using ident in ANY code anymore if it can't be trusted? Yet it still is. So move the trust demarcation point to where the user has no control over it. Remember, if its a static IP or network client, you don't proxy ident requests - since the static IP is the demarcation point of trust. They can change their ident, but no matter what, their IP or network still stays the same.
The problem is 'indemnification.' If you want to authenticate or postively identify the origin of a connection, well I suspect you already know the answer. I'm not going to promise just because you received a packet allegdly from my network, that it originated on my network. And there is no demarcation point in the network, outside the portion you directly control, you positively know the user has no control over. -- Sean Donelan, Data Research Associates, Inc, St. Louis, MO Affiliation given for identification not representation