On Wed, 2006-04-12 at 12:21:33 -0300, Giancarlo Razzolini proclaimed... > I wrote a plugin for Openvpn that does authentication using the passwd > or the shadow files. I wrote it cause the only authentication plugin for > openvpn is the auth-pam, and i needed to do authentication using the > shadow suite. I then wrote a small C program that did this, and used the > --auth-user-pass-verify directive from the openvpn. But in this setup, > you can't drop the privileges nor chroot the openvpn process. > > So, i wrote the plugin. As there isn't an easy way to check if the > system is using shadow passwords or not, you must alter a compiler > directive in the makefile. On BSD systems, the getpwnam(3) is a wrapper > function that does authentication from the file that have the user > passwords, in the OpenBSD, master.passwd. So, to make it work in > OpenBSD, you have to set the compiler directive USE_SHADOW to 0. I've > tested it in OpenBSD 3.8, and it works, but more testing is needed. I > would appreciate any suggestions, reports and comments.
Shadow passwords? Auth pam? You must have the wrong mailing list; we don't use those broken technologies here.
