GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,226 Commits 19 Branches 88 Tags
221b165918368983d109313e909e1a08ff3a47d7
Commit Graph

138 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
e5d02eb228 plain auth: support OTP authentication using usersfile 
That adds a dependency on liboath.
 2015-09-25 15:03:38 +02:00
Nikos Mavrogiannopoulos
568d6fa767 mention the possibility of proxy arp 2015-09-24 09:52:18 +02:00
Nikos Mavrogiannopoulos
0461787fcc doc update 2015-09-18 16:45:53 +02:00
Nikos Mavrogiannopoulos
1bfa6e7648 Reinstated the PAM accounting method 
It can be used to check for a valid PAM account, even when
certificates or another authentication method is in use.
 2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
f2caadbe83 updated documentation for CRL reload 2015-09-14 17:59:58 +02:00
Nikos Mavrogiannopoulos
edba5fc23e removed pam accounting method from config file 
Reported by Stuart Henderson.
 2015-09-05 00:16:06 +02:00
Nikos Mavrogiannopoulos
1c64073cf2 pam: removed accounting; it served no purpose 
In fact it could even cause issues in the security-module
depending on what was configured in PAM.
 2015-08-31 16:19:48 +02:00
Nikos Mavrogiannopoulos
17e71dccd8 Added support for proxy protocol (v2) 2015-07-15 13:03:58 +02:00
Nikos Mavrogiannopoulos
3f48b31a9e use quotes in all examples to avoid issues in modifications 2015-06-29 15:33:16 +02:00
Nikos Mavrogiannopoulos
8b186fb53a Allow specifying a PIN and SRK PIN in the config file 
That pin will be used to decrypt encrypted key files as well.
 2015-06-25 14:12:57 +02:00
Nikos Mavrogiannopoulos
f954983f7a sample.config: bring in par with ocserv-args.def 2015-05-23 11:16:43 +02:00
Nikos Mavrogiannopoulos
9c0ebd3c81 document the fact that some clients fail if rekey is disabled 2015-05-23 11:15:07 +02:00
Nikos Mavrogiannopoulos
45d380ccd9 corrected typos in IPV6 env variable 2015-05-11 14:26:10 +02:00
Nikos Mavrogiannopoulos
8b32d185c6 doc update 2015-05-06 20:43:04 +02:00
Nikos Mavrogiannopoulos
f89525ff94 added config option 'persistent-cookies' 
When it is set, it doesn't invalidate cookies after
user disconnection.
 2015-05-06 20:41:42 +02:00
Nikos Mavrogiannopoulos
df4425a7d2 radius: consider Acct-Interim-Interval by default 
That can also be overriden by specifying 'override-interim-updates=true'
in the radius subconfig.
 2015-05-05 11:24:34 +02:00
Nikos Mavrogiannopoulos
70eca474c4 doc: use the "proper" URL for kdcproxy 2015-05-04 10:55:02 +02:00
Nikos Mavrogiannopoulos
ddfa37cf4a increased the tgt-freshness-time in examples 2015-04-29 17:36:14 +02:00
Nikos Mavrogiannopoulos
e54f6e2ac2 Added config option 'tgt-freshness-time' for GSSAPI 
This allows to set the maximum number of seconds a TGT ticket will
be valid for logging in the VPN. That can be used to prevent
a valid for a day TGT ticket from being used to login to VPN, and
addresses the use-case of where a laptop with a valid TGT ticket is
stolen.
 2015-04-29 10:41:27 +02:00
Nikos Mavrogiannopoulos
a588010c41 doc update 2015-04-23 10:28:21 +02:00
Nikos Mavrogiannopoulos
b27ff28971 updated sample.config 2015-03-04 10:28:15 +01:00
Nikos Mavrogiannopoulos
642edaae59 doc update: mention that banning cannot be combined with listen-clear-file 2015-03-03 15:37:58 +01:00
Nikos Mavrogiannopoulos
b4347e4971 updated documentation with options that will be read in reload 2015-03-03 11:44:51 +01:00
Nikos Mavrogiannopoulos
81b6b6bd3c doc update 2015-03-03 11:26:44 +01:00
Nikos Mavrogiannopoulos
b732a6e91e doc update 2015-03-03 11:19:30 +01:00
Nikos Mavrogiannopoulos
f33b7f9559 doc update 2015-03-03 11:06:54 +01:00
Nikos Mavrogiannopoulos
445ea63783 made the ban points configurable 2015-02-26 11:23:06 +01:00
Nikos Mavrogiannopoulos
7619895a25 removed server-name config option 2015-02-26 11:00:07 +01:00
Nikos Mavrogiannopoulos
c9efcae416 doc update 2015-02-26 09:24:24 +01:00
Nikos Mavrogiannopoulos
0aa2c86f08 Added points in KKDCP connections to prevent DoS attacks. 2015-02-25 14:31:21 +01:00
Nikos Mavrogiannopoulos
a3f5ae2551 Add a cost in number of connections per IP to prevent DoS attacks 2015-02-25 13:24:42 +01:00
Nikos Mavrogiannopoulos
a617485232 enforce of IP banning was moved to main 2015-02-25 13:16:56 +01:00
Nikos Mavrogiannopoulos
2f2f4a77d2 allow explicitly specifying the NAS identifier in radius 2015-02-24 18:59:05 +01:00
Nikos Mavrogiannopoulos
29e834da4d plain authentication uses the new parsing method 2015-02-24 13:53:37 +01:00
Nikos Mavrogiannopoulos
43caa1be14 radius will use the new sub-config format 2015-02-24 13:04:28 +01:00
Nikos Mavrogiannopoulos
e16ae6614c Added more advanced suboption parser 
That adds the ability to parse options in the form:
auth = "gssapi[option1=value1,option2=value2,...]
It also introduces the keytab, and require-local-user-map
suboptions for gssapi.
 2015-02-24 11:50:55 +01:00
Nikos Mavrogiannopoulos
40e96aae45 Separated accounting from authentication. 2015-02-23 15:19:44 +01:00
Nikos Mavrogiannopoulos
39494d54ed fixed sample.config 2015-02-21 16:59:52 +01:00
Nikos Mavrogiannopoulos
349cced46f doc update 2015-02-21 08:25:58 +01:00
Nikos Mavrogiannopoulos
c1a6f4730b Added the configure option server-name 
If set it will be used to set the NAS_IDENTIFIER in radius.
 2015-02-21 08:20:16 +01:00
Nikos Mavrogiannopoulos
9a3be087b4 kkdcp: allow the handling of multiple realms per URL 2015-02-19 15:27:55 +01:00
Nikos Mavrogiannopoulos
773d277802 kkdcp: perform the proper encoding and decoding on exchanged data 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
b300177eb7 Added max-password-retries config option 
That makes the number of retries prior to banning the IP
configurable.
 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
2d72c0a526 doc update 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
01ec22db27 Allow setting content-type urlfw, and allow tcp 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
494738dd55 Added url-fw config option 
That allows to specify a class of URLs where, if a client
POSTS to it, the data will be forwarded to the configured server,
and the client will receive its reply.
 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
afef74fa23 removed the certificate[optional] auth type 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
b6ef99b443 doc update 2015-02-12 21:10:12 +01:00
Nikos Mavrogiannopoulos
23586bdb9c no longer document the auth option certificate[optional] 2015-02-12 21:08:41 +01:00
Nikos Mavrogiannopoulos
aa10eb53c1 doc update 2015-02-11 11:44:57 +01:00