[Swan] UPDATE Re: Authentication with pam_url and nonces
Mirsad Goran Todorovac
mirsad.todorovac at alu.unizg.hr
Wed Feb 23 16:42:25 EET 2022
mTLS did not work for me.
I didn't invent my own crypto, but I used mutual HMAC authentication
with preshared secret and
pluggable hash functions. It is an evolutionary step for a server side
PHP script that relied on IP
address alone to verify its client.
If anyone thinks it is worth a look, it is here:
https://github.com/mtodorov3-69/pam_url/tree/experimental
It would probably be prudent to have a peer review of the code before it
is given for people trying
to authenticate the VPNs with PAM.
Kind regards,
Mirsad
On 7.2.2022. 19:51, Paul Wouters wrote:
> If you feel the pam TLS calls needs more than server side cert verification, you should look into client authentication, eg mTLS. Don’t invent your own crypto.
>
> Paul
--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
--
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
More information about the Swan
mailing list