[strongSwan] XAuth with interactive authentication?

Alexander Sbitnev alexander.sbitnev at gmail.com
Tue Sep 23 12:55:31 CEST 2014


Hi Martin!
Yes, you correctly interpreted my vague question. Thanks for your answer.

Is it possible to create a plugin of my own to request a credential/password?
The main obstacle I see here is how the IKE daemon will behave in case of a
long plugin callback execution time, as the user can be quite slow to respond.

Another question I want to ask: Is there anything like "ipsec stroke user-creds"
to set up a password for private key decryption during public key auth?


On 09/23/2014 12:57 PM, Martin Willi wrote:
> Hi Alexander,
>
>> Is it possible to use XAuth not with a secrets file, but with an
>> interactive credentials request from the user? Are there any interfaces
>> for that?
> I assume you refer to the client that initiates a connection?
>
> When using an ipsec.conf configuration, you may use the "ipsec stroke
> user-creds" commands to set a username/password for a connection before
> initiating it.
>
> For a more interactive prompt, you may consider using charon-cmd [1],
> which by default prompts for XAuth or EAP credentials. Other
> client-specific frontends, such as the NetworkManager plugin or our OS X
> client, do this in a similar way.
>
>> Maybe something planned in VICI?
> You can configure credentials at any time using vici, and also clear
> them (all). A credential request mechanism, where the daemon asks a
> connected vici client for an XAuth password, is currently not
> implemented.
>
> Regards
> Martin
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/Charon-cmd