> Is it possible to create plugin of my own to request
> credential/password?

Yes. The daemon queries the registered credential_set_t [1] instances for credentials; in such an implementation you can request the password from the user. There is a simple callback-based wrapper [2] to query passwords with a callback function. It is used, for example, by charon-cmd to query passwords on the console [3].

> Main obstacle I see here is how IKE daemon will behave itself in case
> of long plugin callback execution time as user can be quite slow in
> response.

This is usually not a problem. The executing thread will block, but all others work as usual. For XAuth you might see password request retransmits for the server, but the daemon handles all that for you.

> Another question I want ask: Is there anything like "ipsec stroke
> user-creds" to setup password for private key decryption during public
> key auth?

You can set the decryption password to "%prompt" in ipsec.secrets, and then use "ipsec secrets" to enter it on the console. The key is decrypted, but kept unencrypted in memory for further use. If that is not acceptable, you may return a private_key_t instance from a custom credential_set_t, which wraps all the decryption logic.

Regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/credential_set.h
[2] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/sets/callback_cred.h
[3] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/charon-cmd/cmd/cmd_creds.c
