On Tue, 2015-02-17 at 18:00 +0100, Nikos Mavrogiannopoulos wrote: > > That's a patch which adds support for SPNEGO authentication (i.e., > GSSAPI - kerberos) to openconnect. Currently it interoperates with > ocserv's gssapi branch. I'm not sure whether re-using the proxy auth > structures is the right thing (i.e., whether it wouldn't interfere > with it). Yeah, I think that's probably going to break for the case where you authenticate to a proxy using GSSAPI, *and* authenticate to the VPN server using GSSAPI too. You want a separate auth structure for the real server. I'd also much prefer this to not be GSSAPI-specific. The existing code for proxy authentication already handles four auth methods without much special-casing, and I'd prefer to see us handling all four for the VPN connection too. It's not unlikely that we'll end up needing that with the various crap that people seem to be putting in front of Juniper login pages. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150217/bd9c9034/attachment.bin>
