On Thu, Nov 3, 2022 at 2:18 PM Schütz Dominik <dominik.schu...@esolutions.de> wrote:
> Hi,
>
> I have a question in connection with OpenConnect (currently
> v9.01+74+g76dc679-0+113.1) and the Pulse Secure Appliance (currently 9.1R14).
>
> We authenticate with "protocol=pulse" and "protocol=nc" either with username
> + password (case 1) or with our smartcard (case 2).
>
>
> We would like to add a check on our Pulse appliance, if the hostname with
> which the user authenticates via username + password or smartcard is in a
> certain Active Directory group, it should be moved to another role.
>
> My question now is whether OpenConnect gives the Pulse Appliance the host
> name associated with the user authentication?

Yes, this value is sent during authentication and tunnel
connection/reconnection. See the source code of the precise build you are
running: https://gitlab.com/openconnect/openconnect/blob/76dc679/pulse.c#L1411

BY DEFAULT, the value that OpenConnect sends on POSIX systems is the output
of `uname -n`.

However, the end user can easily send any other desired hostname to the
server using:

    # This works for all supported protocols, not just Pulse
    openconnect --local-hostname="some.other.hostname" --protocol=pulse ...

-Daniel

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel