Hi Karl, > How can I temporarily disable the user, without revoking the > certificate, can I do that? > > Do I revoke it, and to re-enable by removing it from the CRL? Is there > an easier way?
Setting the certificate on-hold is certainly an option, using a CRL or even better an OCSP service. Alternatively, you may consider using the whitelist [1] plugin. Once enabled, the plugin allows connections only from explicitly specified users. It requires that you maintain a complete list of allowed users (not those blocked). Regards Martin [1]http://wiki.strongswan.org/projects/strongswan/wiki/Whitelist _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
