Hello, I've just released ocserv 0.10.0. This release integrates support for the Kerberos protocol using GSSAPI, and adds support for MS-KKDCP to act as a proxy to KDC. Moreover this version separates accounting from authentication and allows for alternative authentication methods (e.g. PAM as main and GSSAPI as alternative). ocserv is a VPN server that implements the AnyConnect SSL VPN protocol and targets small embedded Linux devices. For the Kerberos/GSSAPI additions the openconnect client (currently in git) is required. * Version 0.10.0 (released 2015-03-10) - Added support for gssapi (e.g., Kerberos) authentication - Added support for alternative authentication methods, via enable-auth. That allows to set a suffcient for login authentication method that will be used as alternative to the main authentication. - Added support for MS-KKDCP. That is, the server can be used as an HTTP proxy to a KDC. - Accounting was split from authentication. That way radius accounting can be used in addition to any authentication method. - Added a score-based system for banning IP addresses. See min-reauth-time, max-ban-score and ban-reset-time. - Better handling of SIGHUP, and documentation of the variables that are updated. - Support for 'certificate[optional]' authentication has been removed. - occtl: Added commands to view banned IP list, as well as a command to unban selected IPs. The current release is available at: ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.0.tar.xz ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.0.tar.xz.sig The VPN server's web-site is at: http://www.infradead.org/ocserv regards, Nikos
