[Openswan dev] Xauth broken?
mcr at sandelman.ottawa.on.ca
Mon Aug 16 15:07:02 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Jiva" == Jiva DeVoe <jiva at ixiacom.com> writes:
Jiva> I read in the latest changelog that xauth was broken in
Jiva> 2.2.0dr2. Is it still broken in 2.2.0dr3? And if so, what's
Jiva> the nature of the breakage? I might be willing to contribute
Jiva> some coding if I know what the problem is.
Jiva> I have tried to set up xauth client/server
Jiva> openswan-to-openswan myself with this release and not been
Jiva> able to. I get a complaint of "policy mandates Extended
Jiva> Authentication (XAUTH) with PSK of initiator (we are
Jiva> responder). Attribute OAKLEY_AUTHENTICATION_METHOD" in my
Jiva> pluto log on the responder side. Wondering if this is the
Jiva> bug, or just my config being pooched?
Jiva> Anyone know?
Yes, that's the part that is broken.
The algo patches cause the client to pick the wrong tradtional
authentication mechanism. It is solveable, but not cleanly.
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Dev