[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Openvpn plugin for passwd authentication
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Openvpn plugin for passwd authentication
- From: Giancarlo Razzolini <linux-fan_(_at_)_onda_(_dot_)_com_(_dot_)_br>
- Date: Wed, 12 Apr 2006 14:07:53 -0300
- Reply-to: linux-fan_(_at_)_onda_(_dot_)_com_(_dot_)_br
Eric Pancer wrote:
> On Wed, 2006-04-12 at 12:21:33 -0300, Giancarlo Razzolini proclaimed...
>> I wrote a plugin for Openvpn that does authentication using the passwd
>> or the shadow files. I wrote it cause the only authentication plugin for
>> openvpn is the auth-pam, and i needed to do authentication using the
>> shadow suite. I then wrote a small C program that did this, and used the
>> --auth-user-pass-verify directive from the openvpn. But in this setup,
>> you can't drop the privileges nor chroot the openvpn process.
>> So, i wrote the plugin. As there isn't an easy way to check if the
>> system is using shadow passwords or not, you must alter a compiler
>> directive in the makefile. On BSD systems, the getpwnam(3) is a wrapper
>> function that does authentication from the file that have the user
>> passwords, in the OpenBSD, master.passwd. So, to make it work in
>> OpenBSD, you have to set the compiler directive USE_SHADOW to 0. I've
>> tested it in OpenBSD 3.8, and it works, but more testing is needed. I
>> would appreciate any suggestions, reports and comments.
> Shadow passwords? Auth pam? You must have the wrong mailing list; we don't
> use those broken technologies here.
Did you read my mail at all? The plugin authenticate itself from
master.passwd on OpenBSD and from shadow on linux distributions. I
mentioned PAM, case the only plugin that existed for authentication in
openvpn uses PAM. I hate PAM, so i wrote the plugin. Next time read the
entire message before saying anything.
Linux User 172199
Moleque Sem Conteudo Numero #002
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]