[strongSwan] Authentication against Linux Users

Tony Hoyle tony at hoyle.me.uk
Wed May 9 22:05:54 CEST 2018


On 09/05/2018 16:17, Christian Salway wrote:
> Unfortunately IKEv2 is a requirement, and they have requested
> username/password authentication because they don't like the "struggles"
> of installed a CA cert and a client cert.
> 
> Currently the authentication is done with MSCHAPv2 which requires SS to
> have a plain text copy of the password in order to create the Challenge
> hash, I understand that.... however, what if SS was able to retrieve the
> plain text password from another source other than a local config file,
> eg Amazon's SecretsManager for example?  Is this something that is
> available or that you guys could write (at a price Im sure)?
> 
If you migrate all the password information into a radius server, that
can handle both linux and strongswan login.

Tony
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pEpkey.asc
Type: application/pgp-keys
Size: 1757 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180509/32c608a0/attachment.key>


More information about the Users mailing list