doc: clarify auth and enable-auth

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos
2018-02-19 15:39:12 +01:00
parent e2a0be65e4
commit a157fc7068


@@ -1,21 +1,20 @@
# User authentication method. Could be set multiple times and in
# that case all should succeed. To enable multiple methods use
# multiple auth directives. Available options: certificate,
# plain, pam, radius, gssapi. Note that authentication methods
# utilizing passwords cannot be combined (e.g., the plain, pam
# or radius methods).
#
# Note that authentication methods cannot be changed with reload.
### The following directives do not change with server reload.
# User authentication method. To require multiple methods to be
# used for the user to login, add multiple auth directives.
# Available options: certificate, plain, pam, radius, gssapi.
# Note that authentication methods utilizing passwords cannot be
# combined (e.g., the plain, pam or radius methods).
# certificate:
# This indicates that all connecting users must present a certificate.
# The username and user group will be then extracted from it (see
# The username and user group will be then extracted from it (see
# cert-user-oid and cert-group-oid). The certificate to be accepted
# it must be signed by the CA certificate as specified in 'ca-cert' and
# it must not be listed in the CRL, as specified by the 'crl' option.
#
# pam[gid-min=1000]:
# This enabled PAM authentication of the user. The gid-min option is used
# This enabled PAM authentication of the user. The gid-min option is used
# by auto-select-group option, in order to select the minimum valid group ID.
#
# plain[passwd=/etc/ocserv/ocpasswd,otp=/etc/ocserv/users.otp]
@@ -53,7 +52,7 @@ auth = "plain[passwd=./sample.passwd]"
# Specify alternative authentication methods that are sufficient
# for authentication. That is, if set, any of the methods enabled
# will be sufficient to login.
# will be sufficient to login, irrespective of the main 'auth' entries.
#enable-auth = "certificate"
#enable-auth = "gssapi"
#enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]"
@@ -70,7 +69,7 @@ auth = "plain[passwd=./sample.passwd]"
# Only one accounting method can be specified.
#acct = "radius[config=/etc/radiusclient/radiusclient.conf]"
# Use listen-host to limit to specific IPs or to the IPs of a provided
# Use listen-host to limit to specific IPs or to the IPs of a provided
# hostname.
#listen-host = [IP|HOSTNAME]
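Review bot: The reworded enable-auth comment ("will be sufficient to login, irrespective of the main 'auth' entries") states the rule but not its consequence for setups that stack several `auth` lines to require, say, a certificate and a password: uncommenting a single `enable-auth` line lets a client log in with that one method alone, so the combined requirement no longer holds. I would add a line right after it such as `# Note: this bypasses any multi-method requirement set with 'auth'; enable it only if that method alone is acceptable.` It is also not clear from the visible lines whether the new "### The following directives do not change with server reload." header is meant to cover enable-auth as well as auth; if it does, saying so in the enable-auth comment would keep an operator from expecting a reload to withdraw an alternative method. The context lines "This enabled PAM authentication" and "The certificate to be accepted it must be signed" could be corrected to "This enables" and "To be accepted, the certificate must be signed" in the same pass.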