> Has anyone successfully integrated OpenVPN road warriors to authenticate
> via AD through pam?

This might not work for you for other reasons, but instead of pam have you
considered using kx509 instead? Authenticate directly against AD (or via an
MIT KDC intermediary, if you don't want to expose your AD KDC), use the
Kerberos ticket to obtain an ephemeral X.509 certificate from the KCA, and
then present that to OpenVPN?

(We're doing exactly this, but with an MIT KDC rather than AD. I'm
connected back to base from home using it right now, in fact.)

--
Dr George D M Ross, School of Informatics, University of Edinburgh
Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ
Mail: gdmr@xxxxxxxxxxxx Voice: +44 131 650 5147 Fax: +44 131 667 7209
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5