Hi, the ipsec stroke user-creds is perferctly for me purpose. I have to ask the user for the username/password anyway with some kind of graphical interface and pass it down to ipsec.
Does this work in a similar way for smartcard pins? (I didn't tested ipsec rereadsecrets, but I guess it will read _all_ secrets and not only the pin I want to pass over) Thank & Regards Gerald > -----Original Message----- > From: Tobias Brunner [mailto:[email protected]] > Sent: Tuesday, September 18, 2012 4:58 PM > To: Martin Willi > Cc: Gerald Richter - ECOS; [email protected] > Subject: Re: [strongSwan] Prompting for Credentials with strongswan 5 > > Hi Gerald, Martin, > > >> What I would like to have, is that the user gets ask for username > >> _and_ password (maybe with some default username already filled in). > >> Is it possible to supply the username via the credential manager or > >> can it only be changed in the config, so I have to do it upfront? > > > > Usually the different identities are part of the configuration. When > > you use configurations from ipsec.conf, you currently can't change > > them dynamically. > > That's not entirely true. There is a (slightly hackish) feature of stroke that > allows you to set username and password for configs that are configured for > EAP or XAuth (only with [1] or the upcoming 5.0.1) authentication (e.g. with > leftauth=eap): > > ipsec stroke user-creds <conn> <username> [<password>] > > If the password is not given on the command line the user is prompted for it. > The username is not optional, so you'd have to prompt the user yourself to > get that (and since it uses the stroke socket, root permission is required to > execute this command). And it only works if executed before the > connection is started with ipsec up <conn>. > > Regards, > Tobias > > [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=8c19323c _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
