[strongSwan-dev] Plugin for custom ID checks

Vyronas Tsingaras vtsingaras at it.auth.gr
Thu Nov 20 10:59:36 CET 2014


There's already a plugin for this, external-authorization in 5.2.1+

On 20/11/2014 11:58 πμ, Emeric POUPON wrote:
> Hello,
>
> I would like to check if a user has the rights to authenticate using an external facility (ldap).
> The idea is to use the user's ID (if one of ID_USER_FQDN / ID_RFC822_ADDR) to perform the check.
>
> I noticed the whitelist plugin may be a good skeleton example of what I want to do.
> Basically, I would just have to:
> - create a new libcharon/plugins/.
> - register on the "authorize" hook of the libcharon.
> - in the authorize method, get the identity of the peer involved in the IKE SA.
> - perform the required external checks.
>
> Am I correct?
>
> Best Regards,
>
>
> Emeric Poupon
> _______________________________________________
> Dev mailing list
> Dev at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4471 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20141120/5c9c47e0/attachment.bin>


More information about the Dev mailing list