On 09/05/2018 16:17, Christian Salway wrote: > Unfortunately IKEv2 is a requirement, and they have requested > username/password authentication because they don't like the "struggles" > of installed a CA cert and a client cert. > > Currently the authentication is done with MSCHAPv2 which requires SS to > have a plain text copy of the password in order to create the Challenge > hash, I understand that.... however, what if SS was able to retrieve the > plain text password from another source other than a local config file, > eg Amazon's SecretsManager for example? Is this something that is > available or that you guys could write (at a price Im sure)? > If you migrate all the password information into a radius server, that can handle both linux and strongswan login.
Tony
pEpkey.asc
Description: application/pgp-keys