diff options
author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-08-26 22:30:09 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-08-26 22:30:09 +0000 |
commit | fd017c93a0b2179074671fb0494c38c9456fd904 (patch) | |
tree | 0d5591bf25ae2b55adfd67ef8439b2dae40ce052 /sbin/isakmpd/isakmp_num.cst | |
parent | bf8d1ed4926ea7bf4d3a5a78ea0f5b89d4e4ac8a (diff) |
Merge with EOM 1.38
author: angelos
When doing preshared key authentication, if the responder has the
initiator's ID (as is the case in aggressive mode) and a shared key
cannot be found for the initiator's address (as may be the case for a
roaming laptop user), try to find the password under using as a lookup
key the initiator's Phase 1 ID, if it's an IPv4 address, an FQDN
(host.domain), or a User-FQDN (user@host.domain). This allows us to
support roaming laptop users with preshared key authentication, using
aggressive mode (sick).
There is also a lot of experimental, insecure, and ifdef'd out code
for fetching credentials and secret passphrases from a remote server
if all else fails. Extremely experimental code. Don't use. You'll be
blinded and your hair will fall if you even think about using it. You
have been warned.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: ho
Compile without USE_LIBCRYPTO and HAVE_DLOPEN.
author: niklas
Missing dynamic link fixes
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
Diffstat (limited to 'sbin/isakmpd/isakmp_num.cst')
0 files changed, 0 insertions, 0 deletions