diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0f627189..7eb917f9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ Initial release of Oragono!
 * Added YAML config file format.
 * Added native SSL/TLS support (thanks to @edmand).
 * Added ability to generate certificates from the command line.
+* Can now lookup usernames with ident on client connection.
 * We now advertise the [`RPL_ISUPPORT`](http://modern.ircdocs.horse/#rplisupport-005) numeric.
 * Parse new mode change syntax commonly used these days (i.e. `+h-ov dan dan dan`).
 * User mode for clients connected via TLS (`+Z`).
diff --git a/irc/client.go b/irc/client.go
index 78d16071..2627b6c0 100644
--- a/irc/client.go
+++ b/irc/client.go
@@ -7,11 +7,13 @@ package irc
 
 import (
 	"fmt"
+	"log"
 	"net"
 	"strconv"
 	"time"
 
 	"github.com/DanielOaks/girc-go/ircmsg"
+	"github.com/DanielOaks/go-ident"
 )
 
 const (
@@ -67,6 +69,35 @@ func NewClient(server *Server, conn net.Conn, isTLS bool) *Client {
 	if isTLS {
 		client.flags[TLS] = true
 	}
+	if server.checkIdent {
+		_, serverPortString, err := net.SplitHostPort(conn.LocalAddr().String())
+		serverPort, _ := strconv.Atoi(serverPortString)
+		if err != nil {
+			log.Fatal(err)
+		}
+		clientHost, clientPortString, err := net.SplitHostPort(conn.RemoteAddr().String())
+		clientPort, _ := strconv.Atoi(clientPortString)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		client.Notice("*** Looking up your username")
+		resp, err := ident.Query(clientHost, serverPort, clientPort)
+		if err == nil {
+			username := resp.Identifier
+			//TODO(dan): replace this with IsUsername/IsIRCName?
+			if Name(username).IsNickname() {
+				client.Notice("*** Found your username")
+				//TODO(dan): we do a bunch of user replacing in server.go userHandler, do we need that here?
+				client.username = Name(username)
+				// we don't need to updateNickMask here since nickMask is not used for anything yet
+			} else {
+				client.Notice("*** Got a malformed username, ignoring")
+			}
+		} else {
+			client.Notice("*** Could not find your username")
+		}
+	}
 	client.Touch()
 	go client.run()
 
diff --git a/irc/config.go b/irc/config.go
index 51790546..f191f574 100644
--- a/irc/config.go
+++ b/irc/config.go
@@ -57,6 +57,7 @@ type Config struct {
 		Listen           []string
 		Wslisten         string                      `yaml:"ws-listen"`
 		TLSListeners     map[string]*TLSListenConfig `yaml:"tls-listeners"`
+		CheckIdent       bool                        `yaml:"check-ident"`
 		Log              string
 		MOTD             string
 		ProxyAllowedFrom []string `yaml:"proxy-allowed-from"`
diff --git a/irc/server.go b/irc/server.go
index fccf3c2b..69edcb88 100644
--- a/irc/server.go
+++ b/irc/server.go
@@ -41,6 +41,7 @@ type Server struct {
 	whoWas           *WhoWasList
 	theaters         map[Name][]byte
 	isupport         *ISupportList
+	checkIdent       bool
 }
 
 var (
@@ -69,6 +70,7 @@ func NewServer(config *Config) *Server {
 		proxyAllowedFrom: config.Server.ProxyAllowedFrom,
 		whoWas:           NewWhoWasList(100),
 		theaters:         config.Theaters(),
+		checkIdent:       config.Server.CheckIdent,
 	}
 
 	if config.Server.MOTD != "" {
diff --git a/oragono.yaml b/oragono.yaml
index ff9c4f3b..98e9d7b7 100644
--- a/oragono.yaml
+++ b/oragono.yaml
@@ -30,6 +30,9 @@ server:
             key: tls.key
             cert: tls.crt
 
+    # use ident protocol to get usernames
+    check-ident: true
+
     # password to login to the server
     # generated using  "oragono genpasswd"
     #password: ""