>Someone with a lot of time could probably write a kernel module that
>is able to detect outgoing IRC ports and automatically predict that an
>IRC server will be contacting it back soon for identd information on a
>particular user, and know what computer on the internal lan requested
>it, and forward identd connections appropriately, but err that sounds
>ugly. also prone to race condition vulnerabilities too! :)

Linux has midentd <http://p8ur.op.het.net/midentd/> which (from the
README):

   When a request comes in, it checks it in /proc/net/tcp first, just
   like any regular identd will do. If it can't find the connection
   there, it looks in /proc/net/ip_masquerade and tries to find 
   it there. If it does, it will connect to the client that owns the
   connection and ask the midentd there (yes, the client needs
   it too..) which user owns that connection.

I don't know if something like this is adaptable to NetBSD or not.

HTH,

-Doug

-- 
Doug Larrick  doug@ties.org  doug.larrick@compaq.com  AIM: DougLarick