[Openswan dev] Xauth broken?

Michael Richardson mcr at sandelman.ottawa.on.ca
Mon Aug 16 15:07:02 CEST 2004



>>>>> "Jiva" == Jiva DeVoe <jiva at ixiacom.com> writes:
    Jiva> I read in the latest changelog that xauth was broken in
    Jiva> 2.2.0dr2.  Is it still broken in 2.2.0dr3?  And if so, what's
    Jiva> the nature of the breakage?  I might be willing to contribute
    Jiva> some coding if I know what the problem is.

    Jiva> I have tried to set up xauth client/server
    Jiva> openswan-to-openswan myself with this release and not been
    Jiva> able to.  I get a complaint of "policy mandates Extended
    Jiva> Authentication (XAUTH) with PSK of initiator (we are
    Jiva> responder).  Attribute OAKLEY_AUTHENTICATION_METHOD" in my
    Jiva> pluto log on the responder side.  Wondering if this is the
    Jiva> bug, or just my config being pooched?

    Jiva> Anyone know?

  Yes, that's the part that is broken.
  The algo patches cause the client to pick the wrong traditional
authentication mechanism. It is solvable, but not cleanly.

--
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [



