Yes you can change password for users with ocpasswd, proof: qzhou at myserver:~$ sudo ocpasswd test Enter password: 123 Re-enter password: 123 qzhou at myserver:~$ sudo cat /etc/ocserv/ocpasswd test:*:$5$dxY5ynmGtDsvRQ6U$uQJZsM.2HQKfIr01/6X4dLVQgWLAcxCUrd2vHadudp5 qzhou at myserver:~$ sudo ocpasswd test Enter password: 456 Re-enter password: 456 qzhou at myserver:~$ sudo cat /etc/ocserv/ocpasswd test:*:$5$09af.jFO48aALBHJ$fBT4D9w7WEXsT7ahJjb.gbbKvabklzn.E0RVCHs2Yg0 And yes, you can use multiple X-CSTP-Split-Exclude, I do this all the time. Regards, Quan Zhou +------------------------+ |pub [expires 2015-09-05]| |44D2 0307 1643 E80F 2E31| |F081 FAFA 6643 7F9F D46F| +------------------------+ |qzhou at live.de | |https://keybase.io/qzhou| +------------------------+ > On Mar 23, 2015, at 4:41 PM, Janner Chang <jannerchang at me.com> wrote: > > OK?I want to know if ocpasswd change the origin user?s password,and how to add multi address for custom-header = "X-CSTP-Split-Exclude: 166.111.0.0/255.255.0.0? just like? > > custom-header = "X-CSTP-Split-Exclude: 166.111.0.0/255.255.0.0? > custom-header = "X-CSTP-Split-Exclude: 166.112.0.0/255.255.0.0? > > like this? > > thx > > > >> ? 2015?3?23??16:30?Quan Zhou <qzhou at live.de> ??? >> >> Somehow I can, but what kind of message do you need for them? ?Nihau! ocpasswd! Nihau! X-CSTP-Split-Exclude" >> >> In case you might be referring to purpose of them: >> >> ??? ocpasswd ??? >> [qzhou$hobbiton:~] ocpasswd --help >> ocpasswd - OpenConnect server password utility >> Usage: ocpasswd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [username] >> >> -c, --passwd=file Password file >> -g, --groupname=str User's group name >> -d, --delete Delete user >> -l, --lock Lock user >> -u, --unlock Unlock user >> -v, --version[=arg] output version information and exit >> -h, --help display extended usage information and exit >> -!, --more-help extended usage information passed thru pager >> >> Options are specified by doubled hyphens and their name or by a single >> hyphen and the flag character. >> Operands and options may be intermixed. They will be reordered. >> >> This program is openconnect password (ocpasswd) utility. It allows the >> generation and handling of a 'plain' password file used by ocserv. >> >> Please send bug reports to: <openconnect-devel at lists.infradead.org> >> >> ?? end of ocpasswd ?? >> >> As for X-Split*, it is a feature called split tunnel, a custom tunnel helps anyconnect client to set up route properly. >> In your case, X-CSTP-Split-Exclude tells anyconnect to avoid tunneling specific IPs. Wrap it up as a example: >> ``` >> custom-header = "X-CSTP-Split-Exclude: 166.111.0.0/255.255.0.0? >> ??? >> this will tell client to directly access all addresses within subnet 166.111.0.0/16. >> >> Hope it was helpful. >> >> Regards, >> >> Quan Zhou >> >> +------------------------+ >> |pub [expires 2015-09-05]| >> |44D2 0307 1643 E80F 2E31| >> |F081 FAFA 6643 7F9F D46F| >> +------------------------+ >> |qzhou at live.de | >> |https://keybase.io/qzhou| >> +------------------------+ >> >>> On Mar 23, 2015, at 4:11 PM, Janner Chang <jannerchang at me.com> wrote: >>> >>> Hi, >>> >>> Can you speak Chinese? I can?t find any message for ocpasswd and custom-header = `X-CSTP-Split-Exclude? >>> >>> Regards. >>> >>> JannerChang >>> >>>> ? 2015?3?23??16:06?Quan Zhou <qzhou at live.de> ??? >>>> >>>> Hi, >>>> >>>> This is a message for ocpasswd and custom-header = `X-CSTP-Split-Exclude? >>>> >>>> Hope you enjoyed it. >>>> >>>> Regards, >>>> >>>> Quan Zhou >>>> >>>> +------------------------+ >>>> |pub [expires 2015-09-05]| >>>> |44D2 0307 1643 E80F 2E31| >>>> |F081 FAFA 6643 7F9F D46F| >>>> +------------------------+ >>>> |qzhou at live.de | >>>> |https://keybase.io/qzhou| >>>> +------------------------+ >>>> >>>>> On Mar 23, 2015, at 3:51 PM, Janner Chang <jannerchang at me.com> wrote: >>>>> >>>>> Hi: >>>>> I need some messsage for ocpasswd and custom-header = ?X-CSTP-Split-Exclude >>>>> >>>>> >>>>> _______________________________________________ >>>>> openconnect-devel mailing list >>>>> openconnect-devel at lists.infradead.org >>>>> http://lists.infradead.org/mailman/listinfo/openconnect-devel >>>> >>> >> > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150323/5a5f8b8b/attachment.sig>
