[strongSwan] xauth authentication backend

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Sep 27 17:37:07 CEST 2019


You will need to go through a local RADIUS server, in which you need to implement your custom authentication logic
(meaning the checking against all those different backends). You'll use the eap-radius plugin for that, which will
then automatically also forward all XAUTH authentications to the configured RADIUS server.

Multiple authentication rounds means that the client actively participates in every of those rounds and each one
has to succeed, meaning it has to be aware of those. In your case, that evidently won't work for you.

Kind regards


Am 27.09.19 um 16:05 schrieb Felipe Arturo Polanco:
> Hi,
> You can check out multiple authentication rounds, it will provide with chain authentication using multiple backends.
> On Fri, Sep 27, 2019 at 7:38 AM Christoph Harder <charder at telco-tech.de <mailto:charder at telco-tech.de>> wrote:
>     Hello everybody,
>     currently I do have the problem, that I need to setup xauth but with a
>     custom authentication backend. To be more specific, I need to check if a
>     user that tries to authenticate with xauth exists in one of multiple
>     backends and if his/her credentials are correct (e.g. simultaniously
>     looking in a local DB, one or more LDAP directories and/or a RADIUS server).
>     Is there any way to perform custom authentication and authorization?
>     Sadly PAM is not an option/not available on this system.
>     The ext-auth plugin is missing the password, so I can't use it to check
>     if the user actually provided the correct credentials only if he/she
>     exists and is authorized to connect.
>     Best regards,
>     Christoph Harder
>     -- 
>     Niederlassung Berlin
>     Mädewalder Weg 2
>     12621 Berlin
>     Tel.: +49 30 565862610
>     Web: www.telco-tech.de <http://www.telco-tech.de>
>     Amtsgericht Potsdam-Stadt HRB 55 79
>     Geschäftsführung:
>     Bernd Schulz
>     Silke Schirmer

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190927/c963ac49/attachment.sig>

More information about the Users mailing list