On 02/19/2014 09:24 AM, Martin Willi wrote:
Hi Karl,
How can I temporarily disable the user, without revoking the
certificate, can I do that?
Do I revoke it, and to re-enable by removing it from the CRL? Is there
an easier way?
Setting the certificate on-hold is certainly an option, using a CRL or
even better an OCSP service.
Alternatively, you may consider using the whitelist [1] plugin. Once
enabled, the plugin allows connections only from explicitly specified
users. It requires that you maintain a complete list of allowed users
(not those blocked).
Regards
Martin
[1]http://wiki.strongswan.org/projects/strongswan/wiki/Whitelist
Thanks Martin, the whitelist looks like what I want.
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
