Eric Pancer wrote: > On Wed, 2006-04-12 at 12:21:33 -0300, Giancarlo Razzolini proclaimed... > >> I wrote a plugin for Openvpn that does authentication using the passwd >> or the shadow files. I wrote it cause the only authentication plugin for >> openvpn is the auth-pam, and i needed to do authentication using the >> shadow suite. I then wrote a small C program that did this, and used the >> --auth-user-pass-verify directive from the openvpn. But in this setup, >> you can't drop the privileges nor chroot the openvpn process. >> >> So, i wrote the plugin. As there isn't an easy way to check if the >> system is using shadow passwords or not, you must alter a compiler >> directive in the makefile. On BSD systems, the getpwnam(3) is a wrapper >> function that does authentication from the file that have the user >> passwords, in the OpenBSD, master.passwd. So, to make it work in >> OpenBSD, you have to set the compiler directive USE_SHADOW to 0. I've >> tested it in OpenBSD 3.8, and it works, but more testing is needed. I >> would appreciate any suggestions, reports and comments. > > Shadow passwords? Auth pam? You must have the wrong mailing list; we don't > use those broken technologies here. > > Did you read my mail at all? The plugin authenticate itself from master.passwd on OpenBSD and from shadow on linux distributions. I mentioned PAM, case the only plugin that existed for authentication in openvpn uses PAM. I hate PAM, so i wrote the plugin. Next time read the entire message before saying anything.
-- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Snike Tecnologia em Informatica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
