ocserv

mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00

Author	SHA1	Message	Date
Nikos Mavrogiannopoulos	df4425a7d2	radius: consider Acct-Interim-Interval by default That can also be overriden by specifying 'override-interim-updates=true' in the radius subconfig.	2015-05-05 11:24:34 +02:00
Nikos Mavrogiannopoulos	70eca474c4	doc: use the "proper" URL for kdcproxy	2015-05-04 10:55:02 +02:00
Nikos Mavrogiannopoulos	ddfa37cf4a	increased the tgt-freshness-time in examples	2015-04-29 17:36:14 +02:00
Nikos Mavrogiannopoulos	e54f6e2ac2	Added config option 'tgt-freshness-time' for GSSAPI This allows to set the maximum number of seconds a TGT ticket will be valid for logging in the VPN. That can be used to prevent a valid for a day TGT ticket from being used to login to VPN, and addresses the use-case of where a laptop with a valid TGT ticket is stolen.	2015-04-29 10:41:27 +02:00
Nikos Mavrogiannopoulos	a588010c41	doc update	2015-04-23 10:28:21 +02:00
Nikos Mavrogiannopoulos	b27ff28971	updated sample.config	2015-03-04 10:28:15 +01:00
Nikos Mavrogiannopoulos	642edaae59	doc update: mention that banning cannot be combined with listen-clear-file	2015-03-03 15:37:58 +01:00
Nikos Mavrogiannopoulos	b4347e4971	updated documentation with options that will be read in reload	2015-03-03 11:44:51 +01:00
Nikos Mavrogiannopoulos	81b6b6bd3c	doc update	2015-03-03 11:26:44 +01:00
Nikos Mavrogiannopoulos	b732a6e91e	doc update	2015-03-03 11:19:30 +01:00
Nikos Mavrogiannopoulos	f33b7f9559	doc update	2015-03-03 11:06:54 +01:00
Nikos Mavrogiannopoulos	445ea63783	made the ban points configurable	2015-02-26 11:23:06 +01:00
Nikos Mavrogiannopoulos	7619895a25	removed server-name config option	2015-02-26 11:00:07 +01:00
Nikos Mavrogiannopoulos	c9efcae416	doc update	2015-02-26 09:24:24 +01:00
Nikos Mavrogiannopoulos	0aa2c86f08	Added points in KKDCP connections to prevent DoS attacks.	2015-02-25 14:31:21 +01:00
Nikos Mavrogiannopoulos	a3f5ae2551	Add a cost in number of connections per IP to prevent DoS attacks	2015-02-25 13:24:42 +01:00
Nikos Mavrogiannopoulos	a617485232	enforce of IP banning was moved to main	2015-02-25 13:16:56 +01:00
Nikos Mavrogiannopoulos	2f2f4a77d2	allow explicitly specifying the NAS identifier in radius	2015-02-24 18:59:05 +01:00
Nikos Mavrogiannopoulos	29e834da4d	plain authentication uses the new parsing method	2015-02-24 13:53:37 +01:00
Nikos Mavrogiannopoulos	43caa1be14	radius will use the new sub-config format	2015-02-24 13:04:28 +01:00
Nikos Mavrogiannopoulos	e16ae6614c	Added more advanced suboption parser That adds the ability to parse options in the form: auth = "gssapi[option1=value1,option2=value2,...] It also introduces the keytab, and require-local-user-map suboptions for gssapi.	2015-02-24 11:50:55 +01:00
Nikos Mavrogiannopoulos	40e96aae45	Separated accounting from authentication.	2015-02-23 15:19:44 +01:00
Nikos Mavrogiannopoulos	39494d54ed	fixed sample.config	2015-02-21 16:59:52 +01:00
Nikos Mavrogiannopoulos	349cced46f	doc update	2015-02-21 08:25:58 +01:00
Nikos Mavrogiannopoulos	c1a6f4730b	Added the configure option server-name If set it will be used to set the NAS_IDENTIFIER in radius.	2015-02-21 08:20:16 +01:00
Nikos Mavrogiannopoulos	9a3be087b4	kkdcp: allow the handling of multiple realms per URL	2015-02-19 15:27:55 +01:00
Nikos Mavrogiannopoulos	773d277802	kkdcp: perform the proper encoding and decoding on exchanged data	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	b300177eb7	Added max-password-retries config option That makes the number of retries prior to banning the IP configurable.	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	2d72c0a526	doc update	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	01ec22db27	Allow setting content-type urlfw, and allow tcp	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	494738dd55	Added url-fw config option That allows to specify a class of URLs where, if a client POSTS to it, the data will be forwarded to the configured server, and the client will receive its reply.	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	afef74fa23	removed the certificate[optional] auth type	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	b6ef99b443	doc update	2015-02-12 21:10:12 +01:00
Nikos Mavrogiannopoulos	23586bdb9c	no longer document the auth option certificate[optional]	2015-02-12 21:08:41 +01:00
Nikos Mavrogiannopoulos	aa10eb53c1	doc update	2015-02-11 11:44:57 +01:00
Nikos Mavrogiannopoulos	bcea928abe	Added support for no-routes (X-Split-Exclude)	2015-02-06 14:05:10 +01:00
Nikos Mavrogiannopoulos	99c9a8ef6a	enable min-reauth-time in default configuration	2015-01-24 13:56:41 +01:00
Nikos Mavrogiannopoulos	bcef2eb16b	doc update	2015-01-20 14:26:42 +01:00
Nikos Mavrogiannopoulos	04a9381068	Compression is disabled by default	2015-01-16 10:45:53 +01:00
Nikos Mavrogiannopoulos	8d2a562af1	increased MIN_NO_COMPRESS_LIMIT	2015-01-15 21:00:32 +01:00
Nikos Mavrogiannopoulos	048b25ba45	Made the no-compress-limit configurable	2015-01-15 18:31:33 +01:00
Nikos Mavrogiannopoulos	fe848ad153	replaced use-seccomp by isolate-workers That, if enabled, includes the Linux namespaces restrictions into workers.	2015-01-15 10:25:23 +01:00
Nikos Mavrogiannopoulos	2f3d520c85	do not enforce PFS on default strings That allows legacy clients connect.	2015-01-11 12:22:27 +01:00
Nikos Mavrogiannopoulos	50f2fb88f6	simplify the input of IPv6 networks The prefix is specified as part of the network.	2014-12-29 20:15:36 +02:00
Nikos Mavrogiannopoulos	80459cfbd5	the default strings will enforce PFS	2014-12-25 10:56:19 +02:00
Nikos Mavrogiannopoulos	113ae94f13	removed unused option	2014-12-14 14:06:03 +01:00
Nikos Mavrogiannopoulos	93125ea945	updated documentation on radius	2014-12-10 11:46:17 +01:00
Nikos Mavrogiannopoulos	320773e80a	Added support for radius interim updates	2014-12-10 11:18:29 +01:00
Nikos Mavrogiannopoulos	766afb591a	Added support for reading user configuration from radius.	2014-12-09 15:38:27 +01:00
Nikos Mavrogiannopoulos	2194e11b39	Added support for radius authentication	2014-12-09 10:59:18 +01:00

1 2 3 4

173 Commits