[Swan] UPDATE Re: Authentication with pam_url and nonces
Mirsad Goran Todorovac
mirsad.todorovac at alu.unizg.hr
Wed Feb 23 16:42:25 EET 2022
mTLS did not work for me.

I didn't invent my own crypto, but I used mutual HMAC authentication with a preshared secret and pluggable hash functions. It is an evolutionary step for a server-side PHP script that relied on IP address alone to verify its client.

If anyone thinks it is worth a look, it is here:

It would probably be prudent to have a peer review of the code before it is given to people trying to authenticate the VPNs with PAM.

On 7.2.2022. 19:51, Paul Wouters wrote:
> If you feel the pam TLS calls need more than server side cert verification, you should look into client authentication, e.g. mTLS. Don’t invent your own crypto.

CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
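
An added illustration of mutual HMAC authentication with a preshared secret, per-side nonces and a selectable hash, the approach named in the message above. It is not the code that message refers to, whose design this page does not show; the message layout, role labels, hash allow-list and the names `tag`, `Server` and `client_login` are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumed allow-list: a "pluggable" hash must not let a peer pick a weak digest.
ALLOWED_HASHES = {"sha256", "sha384", "sha512"}

def tag(psk: bytes, hash_name: str, role: bytes, *fields: bytes) -> bytes:
    """HMAC over role, hash name and fields, each length-prefixed to avoid ambiguity."""
    if hash_name not in ALLOWED_HASHES or hash_name not in hashlib.algorithms_available:
        raise ValueError(f"hash {hash_name!r} not allowed")
    mac = hmac.new(psk, digestmod=hash_name)
    for field in (role, hash_name.encode(), *fields):
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()

class Server:
    """Hypothetical server side: proves itself first, then checks the client."""
    def __init__(self, psk: bytes):
        self.psk = psk
        self.pending = set()  # server nonces issued and not yet consumed

    def challenge(self, hash_name: str, nonce_c: bytes):
        nonce_s = secrets.token_bytes(16)
        self.pending.add(nonce_s)
        # Role label b"server" keeps this tag from being reflected as a client proof.
        return nonce_s, tag(self.psk, hash_name, b"server", nonce_c, nonce_s)

    def verify(self, hash_name, nonce_c, nonce_s, payload, client_tag) -> bool:
        if nonce_s not in self.pending:
            return False              # unknown or already used nonce: replay
        self.pending.discard(nonce_s)  # single use, even if the check below fails
        expected = tag(self.psk, hash_name, b"client", nonce_c, nonce_s, payload)
        return hmac.compare_digest(expected, client_tag)  # constant-time compare

def client_login(psk: bytes, server: Server, payload: bytes, hash_name="sha256"):
    """Client side: verify the server before releasing a proof bound to the payload."""
    nonce_c = secrets.token_bytes(16)
    nonce_s, server_tag = server.challenge(hash_name, nonce_c)
    expected = tag(psk, hash_name, b"server", nonce_c, nonce_s)
    if not hmac.compare_digest(expected, server_tag):
        raise PermissionError("server did not prove knowledge of the preshared secret")
    return nonce_c, nonce_s, tag(psk, hash_name, b"client", nonce_c, nonce_s, payload)

if __name__ == "__main__":
    psk = b"constructed-demo-secret"  # constructed sample value
    srv = Server(psk)
    nc, ns, proof = client_login(psk, srv, b"user=alice")
    print("first attempt:", srv.verify("sha256", nc, ns, b"user=alice", proof))
    print("replayed attempt:", srv.verify("sha256", nc, ns, b"user=alice", proof))
```

The hash name is covered by the MAC, so a party on the path cannot swap the negotiated digest without invalidating both tags.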