You don't really need to unless you use gssapi. Openconnect client or server 
only support spnego with gssapi and and if you needed that you should have 
restricted options via the auth gssapi parameter and krb5 config. It may be 
better to say what authentication you want to have on the server.

On February 14, 2018 7:03:09 AM UTC, Andrey Markovskiy <amarkows...@exadel.com> 
wrote:
>
>
>On 13.02.2018 13:04, Nikos Mavrogiannopoulos wrote:
>> On Mon, Feb 12, 2018 at 1:57 PM, Andrey Markovskiy
>> <amarkows...@exadel.com> wrote:
>>> Hi, All!
>>>
>>> We've installed ocserv with pam auth and when user send wrong
>password,
>>> client get:
>>> "Server 'xxx.xxx.xxx.xxx' requested Basic authentication which is
>disabled
>>> by default"
>>> We can set methods from client by command line option
>>> --http-auth=Negotiate,NTLM,Digest. How we can do it from server
>side?
>> To configure ocserv, I'd suggest to check:
>> http://ocserv.gitlab.io/www/recipes.html
>>
>> regards,
>> Nikos
>Nikos,
>
>I've read recipes but I didn't found any information related to my 
>question.
>I'll try to ask by different way: how to restrict http auth methods
>from 
>server side as we do it from client side (--http-auth=)?

-- 
Sent from my mobile. Please excuse my brevity.

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel

Reply via email to