On Wed, Apr 12, 2006 at 10:48:38AM -0500, Eric Pancer wrote:
> On Wed, 2006-04-12 at 12:21:33 -0300, Giancarlo Razzolini proclaimed...
>
> > I wrote a plugin for Openvpn that does authentication using the passwd
> > or the shadow files. I wrote it cause the only authentication plugin for
> > openvpn is the auth-pam, and i needed to do authentication using the
> > shadow suite. I then wrote a small C program that did this, and used the
> > --auth-user-pass-verify directive from the openvpn. But in this setup,
> > you can't drop the privileges nor chroot the openvpn process.
> >
> > So, i wrote the plugin. As there isn't an easy way to check if the
> > system is using shadow passwords or not, you must alter a compiler
> > directive in the makefile. On BSD systems, the getpwnam(3) is a wrapper
> > function that does authentication from the file that have the user
> > passwords, in the OpenBSD, master.passwd. So, to make it work in
> > OpenBSD, you have to set the compiler directive USE_SHADOW to 0. I've
> > tested it in OpenBSD 3.8, and it works, but more testing is needed. I
> > would appreciate any suggestions, reports and comments.
>
> Shadow passwords? Auth pam? You must have the wrong mailing list; we don't
> use those broken technologies here.
In fact, the OP seems to have created a version that does not use these
technologies with OpenBSD, so that should not be the problem.
Joachim
