[strongSwan] Prompting for Credentials with strongswan 5

Martin Willi martin at strongswan.org
Tue Sep 18 16:55:09 CEST 2012


Hi Gerald,

> I have taken a closer look at the sources (e.g. nm_cread.c and others)
> and it seems to me that the credential manager does only handle the
> password (in case of xauth), but not the username.

Yes, usernames are not requested through the credential manager, but are
passed as argument to find these credentials.

> What I would like to have, is that the user gets ask for username _and_
> password (maybe with some default username already filled in). Is it
> possible to supply the username via the credential manager or can it
> only be changed in the config, so I have to do it upfront?

Usually the different identities are part of the configuration. When you
use configurations from ipsec.conf, you currently can't change them
dynamically. NM generates configurations on demand, hence it can change
them.

If you need this for XAuth only, you might try a different approach.
XAuth methods are pluggable, too, and you could write your own XAuth
handler. Have a look at xauth-generic for an example: As a client, it
uses the configured identity as username and fetches a secret for it.
You could, however, get username and password for XAuth using your own
logic.

Regards
Martin





More information about the Users mailing list