[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Openvpn plugin for passwd authentication

On Wed, Apr 12, 2006 at 10:58:49PM -0300, Giancarlo Razzolini wrote:
> Lars Hansson wrote:
> > On Wednesday 12 April 2006 23:21, Giancarlo Razzolini wrote:
> >> 	I wrote a plugin for Openvpn that does authentication using the passwd
> >> or the shadow files
> >
> > What would be even cooler is a bsd-auth plugin.
> >

> My plugin uses the getpwnam(3) function if you do not set the Makefile
> directive USE_SHADOW. <...> If the program runs with the uid 0 (which
> is the case here), it will successfully authenticate the user. So it
> does authentication in BSD systems cause, AFAIK, this behavior of the
> getpwnam(3) is present on all BSD derivative systems,

Lars is referring to auth_verify(3) and the like, which implements full
authentication. It's a far more robust solution, not in the least
because it ties in with all the other supported authentication options.