Project

General

Profile

eap-gtc Plugin » History » Version 3

Martin Willi, 10.08.2012 11:27
Updated EAP-GTC to now use XAuth backends

1 3 Martin Willi
h1. EAP-GTC Plugin
2 1 Martin Willi
3 3 Martin Willi
h2. Purpose
4 1 Martin Willi
5 3 Martin Willi
The _eap-gtc_ plugin is an IKEv2 EAP backend, as in "draft-sheffer-ipsecme-ikev2-gtc":http://tools.ietf.org/html/draft-sheffer-ipsecme-ikev2-gtc-02. It exchanges a plain password in the secure IKEv2 channel. This password can be verified using any XAuth password backend.
6 1 Martin Willi
7 3 Martin Willi
Before [[5.0.1]], the plugin verified the credentials directly against PAM. Now it can use any XAuth backend. By default it uses [[XAuthPAM|xauth-pam]], resembling the behavior of 4.x releases.
8 1 Martin Willi
9 3 Martin Willi
The plugin is disabled by default and can be enabled by adding
10 3 Martin Willi
<pre>--enable-eap-gtc</pre> to the ./configure options. You also need a XAuth backend to verify the password, such as
11 3 Martin Willi
<pre>--enable-xauth-pam</pre>
12 3 Martin Willi
13 1 Martin Willi
h2. Configuration
14 1 Martin Willi
15 3 Martin Willi
The plugin is configured using the following [[strongswanConf|strongswan.conf]] option:
16 1 Martin Willi
17 3 Martin Willi
|Key|Default|Description|
18 3 Martin Willi
|charon.plugins.eap-gtc.backend|pam|XAuth backend to use|