[strongSwan] Authentication against Linux Users
Christian Salway
christian.salway at naimuri.com
Wed May 9 17:17:19 CEST 2018
Hi Tobias,
Unfortunately IKEv2 is a requirement, and they have requested username/password authentication because they don't like the "struggles" of installed a CA cert and a client cert.
Currently the authentication is done with MSCHAPv2 which requires SS to have a plain text copy of the password in order to create the Challenge hash, I understand that.... however, what if SS was able to retrieve the plain text password from another source other than a local config file, eg Amazon's SecretsManager for example? Is this something that is available or that you guys could write (at a price Im sure)?
Regards,
Christian Salway
IT Consultant
Tel: 07463 331432
christian.salway at naimuri.com
<http://www.naimuri.com/>
<http://www.naimuri.com/>
> On 9 May 2018, at 13:12, Tobias Brunner <tobias at strongswan.org> wrote:
>
> Hi Christian,
>
>> Is there a way to authenticate against local Linux users?
>
> Not with Windows or Apple clients, unless you use IKEv1 (see [1] and [2]).
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/XAuthPAM
> [2] https://wiki.strongswan.org/projects/strongswan/wiki/Eap-gtc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180509/11c95993/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: email-signature-logo.png
Type: image/png
Size: 10961 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180509/11c95993/attachment-0001.png>
More information about the Users
mailing list