test-pass-opt-cert: modified not to require root access

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos
2018-02-25 15:13:08 +01:00
parent 86ae99864b
commit 30d4b4e677
3 changed files with 31 additions and 41 deletions


@@ -1,8 +1,8 @@
# User authentication method. Could be set multiple times and in that case
# all should succeed.
# Options: certificate, pam.
auth = "plain[passwd=@SRCDIR@/data/test1.passwd]"
enable-auth = "certificate"
auth = "plain[./data/test1.passwd]"
#auth = "pam"
# A banner to be displayed on clients
@@ -45,8 +45,8 @@ try-mtu-discovery = false
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./certs/server-cert.pem
server-key = ./certs/server-key.pem
server-cert = @SRCDIR@/certs/server-cert-ca.pem
server-key = @SRCDIR@/certs/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).
@@ -72,7 +72,7 @@ server-key = ./certs/server-key.pem
# The Certificate Authority that will be used
# to verify clients if certificate authentication
# is set.
ca-cert = ./certs/ca.pem
ca-cert = @SRCDIR@/certs/ca.pem
# The object identifier that will be used to read the user ID in the client certificate.
# The object identifier should be part of the certificate's DN
@@ -118,23 +118,20 @@ cookie-validity = 172800
#connect-script = /usr/bin/myscript
#disconnect-script = /usr/bin/myscript
# UTMP
use-utmp = true
# PID file
pid-file = /var/run/ocserv.pid
pid-file = ./ocserv.pid
# The default server directory. Does not require any devices present.
#chroot-dir = /path/to/chroot
# socket file used for IPC, will be appended with .PID
# It must be accessible within the chroot environment (if any)
socket-file = /var/run/ocserv-socket
socket-file = ./ocserv-socket
# The user the worker processes will be run as. It should be
# unique (no other services run as this user).
run-as-user = nobody
run-as-group = daemon
run-as-user = @USERNAME@
run-as-group = @GROUP@
# Network settings
@@ -183,3 +180,5 @@ route = 192.168.1.0/255.255.255.0
cisco-client-compat = true
config-per-user = ./user-config-opt/
max-ban-score = 0
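Review bot: The comment kept above `run-as-user` still says the worker account "should be unique (no other services run as this user)", but the value is now the `@USERNAME@` / `@GROUP@` substitution. Judging by the commit title, that is presumably the account running the test suite, so workers would share an identity with the main process and this test would no longer exercise the privilege drop. The page has lost its +/- markers, so this assumes the second line of each pair in the `@@ -118,23 +118,20 @@` hunk is the new side. I would add a comment above the two keys, e.g. `# Test only: workers run as the invoking user so no root is needed; privilege separation is not exercised here.` Likewise `pid-file = ./ocserv.pid` and `socket-file = ./ocserv-socket` now resolve against the test's working directory, unlike the `@SRCDIR@` certificate paths, so a one-line comment naming the expected directory would help.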