Set http-auth methods list from server side

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed Feb 14 05:15:34 PST 2018


You don't really need to unless you use gssapi. Openconnect client or server only support spnego with gssapi and and if you needed that you should have restricted options via the auth gssapi parameter and krb5 config. It may be better to say what authentication you want to have on the server.

On February 14, 2018 7:03:09 AM UTC, Andrey Markovskiy <amarkowskij at exadel.com> wrote:
>
>
>On 13.02.2018 13:04, Nikos Mavrogiannopoulos wrote:
>> On Mon, Feb 12, 2018 at 1:57 PM, Andrey Markovskiy
>> <amarkowskij at exadel.com> wrote:
>>> Hi, All!
>>>
>>> We've installed ocserv with pam auth and when user send wrong
>password,
>>> client get:
>>> "Server 'xxx.xxx.xxx.xxx' requested Basic authentication which is
>disabled
>>> by default"
>>> We can set methods from client by command line option
>>> --http-auth=Negotiate,NTLM,Digest. How we can do it from server
>side?
>> To configure ocserv, I'd suggest to check:
>> http://ocserv.gitlab.io/www/recipes.html
>>
>> regards,
>> Nikos
>Nikos,
>
>I've read recipes but I didn't found any information related to my 
>question.
>I'll try to ask by different way: how to restrict http auth methods
>from 
>server side as we do it from client side (--http-auth=)?

-- 
Sent from my mobile. Please excuse my brevity.



More information about the openconnect-devel mailing list