From 021febe5d8bb77eb3e295f4c407453dd82522789 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Tue, 10 Jun 2014 15:05:53 +0200 Subject: [PATCH] doc update --- NEWS | 3 +++ doc/sample.config | 9 +++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 4351b25e..779a789c 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,9 @@ - Fix endianess issue with internal messages. - FreeBSD system fixes, by Brian Chu. - Added openconnect 3.20 compatibility. +- Added support for session control (in PAM or any other potential + authentication methods). That feature is disabled by default as it + requires the security module to keep state for each connected user. - ocpasswd: Added --delete parameter. diff --git a/doc/sample.config b/doc/sample.config index e18da2d8..ae0b4780 100644 --- a/doc/sample.config +++ b/doc/sample.config @@ -16,6 +16,11 @@ auth = "plain[./sample.passwd]" # to generate password entries. #auth = "plain[/etc/ocserv/ocpasswd]" +# Whether to enable the authentication method's session control (i.e., PAM). +# That requires more resources on the server, and makes cookies one-time-use; +# thus don't enable unless you need it. +session-control = true + # A banner to be displayed on clients #banner = "Welcome" @@ -293,12 +298,12 @@ route = 192.168.5.0/255.255.255.0 # The name of the group that if selected it would allow to use # the assigned by default group. -default-select-group = DEFAULT +#default-select-group = DEFAULT # Instead of specifying manually all the allowed groups, you may instruct # ocserv to scan all available groups and include the full list. That # option is only functional on plain authentication. -auto-select-group = true +#auto-select-group = true # The system command to use to setup a route. %{R} will be replaced with the # route/mask and %{D} with the (tun) device.