Hi all,
I wrote a plugin for Openvpn that does authentication using the passwd
or the shadow files. I wrote it cause the only authentication plugin for
openvpn is the auth-pam, and i needed to do authentication using the
shadow suite. I then wrote a small C program that did this, and used the
--auth-user-pass-verify directive from the openvpn. But in this setup,
you can't drop the privileges nor chroot the openvpn process.
So, i wrote the plugin. As there isn't an easy way to check if the
system is using shadow passwords or not, you must alter a compiler
directive in the makefile. On BSD systems, the getpwnam(3) is a wrapper
function that does authentication from the file that have the user
passwords, in the OpenBSD, master.passwd. So, to make it work in
OpenBSD, you have to set the compiler directive USE_SHADOW to 0. I've
tested it in OpenBSD 3.8, and it works, but more testing is needed. I
would appreciate any suggestions, reports and comments.
AFAIK i cant attach the plugin on this list, cause the demime will get
rid of it, so if someone want the plugin, mail me directly, and i would
be very pleased to send a copy of it.
Thanks in advance,
--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
