2026-02-10 08:46:58 +08:00 · 2015-02-12 21:08:41 +01:00
parent aa10eb53c1
commit 23586bdb9c
3 changed files with 3 additions and 24 deletions
						
						
						
						
@@ -1,16 +1,11 @@
# User authentication method. Could be set multiple times and in 
# User authentication method. Could be set multiple times and in 
# that case all should succeed. To enable multiple methods use
# that case all should succeed. To enable multiple methods use
# multiple auth directives. Available options: certificate, certificate[optional],
# multiple auth directives. Available options: certificate,
# plain, pam, radius[configfile,groupconfig]. 
# plain, pam, radius[configfile,groupconfig]. 
# certificate:
# certificate:
#  This indicates that all connecting users must present a certificate.
#  This indicates that all connecting users must present a certificate.
#
#
# certificate[optional]:
#  This indicates that a user may present a certificate. When that option
# is set, individual users or user groups can be forced to present a valid
# certificate by adding "require-cert=true" in the per-user configuration file.
#
# pam[gid-min=1000]:
# pam[gid-min=1000]:
#  The gid-min option is used by auto-select-group option, in order to
#  The gid-min option is used by auto-select-group option, in order to
# select the minimum valid group ID.
# select the minimum valid group ID.
						
						
						
							
						
						
@@ -31,7 +26,6 @@
# Framed-IP-Address, Framed-IP-Netmask, MS-Primary-DNS-Server, MS-Secondary-DNS-Server
# Framed-IP-Address, Framed-IP-Netmask, MS-Primary-DNS-Server, MS-Secondary-DNS-Server
#auth = "certificate"
#auth = "certificate"
#auth = "certificate[optional]"
#auth = "pam"
#auth = "pam"
#auth = "pam[gid-min=1000]"
#auth = "pam[gid-min=1000]"
auth = "plain[./sample.passwd]"
auth = "plain[./sample.passwd]"
						
							
						
						
							
						
						
						
@@ -392,11 +386,6 @@ no-route = 192.168.5.0/255.255.255.0
#default-user-config = /etc/ocserv/defaults/user.conf
#default-user-config = /etc/ocserv/defaults/user.conf
#default-group-config = /etc/ocserv/defaults/group.conf
#default-group-config = /etc/ocserv/defaults/group.conf
# This option is only valid in a user/group configuration file. If the
# auth mode is certificate[optional], it requires a certificate for this
# particular user or group.
#require-cert = true
# The system command to use to setup a route. %{R} will be replaced with the
# The system command to use to setup a route. %{R} will be replaced with the
# route/mask and %{D} with the (tun) device.
# route/mask and %{D} with the (tun) device.
#
#
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -500,6 +500,7 @@ unsigned force_cert_auth;
			config->auth_types |= AUTH_TYPE_CERTIFICATE;
			config->auth_types |= AUTH_TYPE_CERTIFICATE;
		} else if (c_strcasecmp(auth[j], "certificate[optional]") == 0) {
		} else if (c_strcasecmp(auth[j], "certificate[optional]") == 0) {
			config->auth_types |= AUTH_TYPE_CERTIFICATE_OPT;
			config->auth_types |= AUTH_TYPE_CERTIFICATE_OPT;
			fprintf(stderr, "The authentication option certificate[optional] is experimental and may be removed in the future\n");
		} else {
		} else {
			fprintf(stderr, "Unknown auth method: %s\n", auth[j]);
			fprintf(stderr, "Unknown auth method: %s\n", auth[j]);
			exit(1);
			exit(1);
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -75,17 +75,12 @@ An example configuration file follows.
# User authentication method. Could be set multiple times and in 
# User authentication method. Could be set multiple times and in 
# that case all should succeed. To enable multiple methods use
# that case all should succeed. To enable multiple methods use
# multiple auth directives. Available options: certificate, certificate[optional],
# multiple auth directives. Available options: certificate, 
# plain, pam, radius[configfile,groupconfig]. 
# plain, pam, radius[configfile,groupconfig]. 
# certificate:
# certificate:
#  This indicates that all connecting users must present a certificate.
#  This indicates that all connecting users must present a certificate.
#
#
# certificate[optional]:
#  This indicates that a user may present a certificate. When that option
# is set, individual users or user groups can be forced to present a valid
# certificate by adding "require-cert=true" in the per-user configuration file.
#
# pam[gid-min=1000]:
# pam[gid-min=1000]:
#  The gid-min option is used by auto-select-group option, in order to
#  The gid-min option is used by auto-select-group option, in order to
# select the minimum valid group ID.
# select the minimum valid group ID.
						
						
						
							
						
						
@@ -106,7 +101,6 @@ An example configuration file follows.
# Framed-IP-Address, Framed-IP-Netmask, MS-Primary-DNS-Server, MS-Secondary-DNS-Server
# Framed-IP-Address, Framed-IP-Netmask, MS-Primary-DNS-Server, MS-Secondary-DNS-Server
#auth = "certificate"
#auth = "certificate"
#auth = "certificate[optional]"
#auth = "pam"
#auth = "pam"
#auth = "pam[gid-min=1000]"
#auth = "pam[gid-min=1000]"
#auth = "plain[/etc/ocserv/ocpasswd]"
#auth = "plain[/etc/ocserv/ocpasswd]"
						
							
						
						
							
						
						
						
@@ -472,11 +466,6 @@ no-route = 192.168.5.0/255.255.255.0
#default-user-config = /etc/ocserv/defaults/user.conf
#default-user-config = /etc/ocserv/defaults/user.conf
#default-group-config = /etc/ocserv/defaults/group.conf
#default-group-config = /etc/ocserv/defaults/group.conf
# This option is only valid in a user/group configuration file. If the
# auth mode is certificate[optional], it requires a certificate for this
# particular user or group.
#require-cert = true
# The system command to use to setup a route. %{R} will be replaced with the
# The system command to use to setup a route. %{R} will be replaced with the
# route/mask and %{D} with the (tun) device.
# route/mask and %{D} with the (tun) device.
#
#