RFC1413 specifies the `ident' protocol, which can be used to determine the user name associated with an open TCP/IP connection.
The firewall can use these user names as a form of user authentication. This is a very weak form of authentication, since anybody with administrative access to a client host, or with the ability to install a new host, can arrange for the `ident' protocol to report any user name they choose. Nevertheless, it can be useful in controlled environments, especially where there are multi-user UNIX hosts.