mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 00:37:00 +08:00
Added option to allow sending a cookie without the corresponding certificate.
This option is required for the cisco clients, that do not always use the client certificate. When this option is set to false it means that the cookie itself is sufficient for authentication. This is bad practice of smart cards are in use.
This commit is contained in:
Nikos Mavrogiannopoulos
@@ -10,7 +10,13 @@ auth = "pam"
|
||||
# Client config xml. The variable $GROUP will be replaced by
|
||||
# the user's group name. This file must be accessible from inside
|
||||
# the worker's chroot. It is not used by the openconnect client.
|
||||
user-profile = ../doc/profile.xml
|
||||
#user-profile = /profile.xml
|
||||
|
||||
# Unless set to false it is required for clients to present their
|
||||
# certificate even if they are authenticating via a previously granted
|
||||
# cookie. Legacy CISCO clients do not do that, and thus this option
|
||||
# should be set for them.
|
||||
#always-require-cert = false
|
||||
|
||||
# Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
|
||||
#listen-host = [IP|HOSTNAME]
|
||||
|
||||
Reference in New Issue
Block a user