Project

General

Profile

eap-gtc Plugin » History » Version 3

« Previous - Version 3/5 (diff) - Next » - Current version
Martin Willi, 10.08.2012 11:27
Updated EAP-GTC to now use XAuth backends


EAP-GTC Plugin

Purpose

The eap-gtc plugin is an IKEv2 EAP backend, as in draft-sheffer-ipsecme-ikev2-gtc. It exchanges a plain password in the secure IKEv2 channel. This password can be verified using any XAuth password backend.

Before 5.0.1, the plugin verified the credentials directly against PAM. Now it can use any XAuth backend. By default it uses xauth-pam, resembling the behavior of 4.x releases.

The plugin is disabled by default and can be enabled by adding

--enable-eap-gtc
to the ./configure options. You also need a XAuth backend to verify the password, such as
--enable-xauth-pam

Configuration

The plugin is configured using the following strongswan.conf option:

Key Default Description
charon.plugins.eap-gtc.backend pam XAuth backend to use