Project

General

Profile

xauth-noauth plugin

Purpose

The xauth-noauth plugin is an IKEv1 XAuth server backend. It does actually not send a username/password request, but directly sends XAuth-Succcess to skip XAuth authentication. It is useful for clients that insist on doing XAuth, but it is actually not intended by the administrator. Authentication relies on the client RSA private key, only.

The plugin is also useful for iOS / OS X clients, where it can be used to survive ISAKMP reauthentication.

The plugin was introduced in 5.0.3.

Configuration

To authenticate clients with this backend, set:

  rightauth=pubkey
  rightauth2=xauth-noauth

Please note that setting rightauth2=xauth does not use xauth-noauth for security reasons, even if it is the only available XAuth backend.