|
|
|
@ -43,8 +43,8 @@ auth = "pam"
|
|
|
|
|
# Specify alternative authentication methods that are sufficient
|
|
|
|
|
# for authentication. That is, if set, any of the methods enabled
|
|
|
|
|
# will be sufficient to login.
|
|
|
|
|
#enable-auth = certificate
|
|
|
|
|
#enable-auth = gssapi
|
|
|
|
|
#enable-auth = "certificate"
|
|
|
|
|
#enable-auth = "gssapi"
|
|
|
|
|
#enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]"
|
|
|
|
|
|
|
|
|
|
# Accounting methods available:
|
|
|
|
@ -178,12 +178,21 @@ server-key = /etc/pki/ocserv/private/server.key
|
|
|
|
|
# Make sure that you replace the following file in an atomic way.
|
|
|
|
|
#ocsp-response = /path/to/ocsp.der
|
|
|
|
|
|
|
|
|
|
# In case PKCS #11 or TPM keys are used the PINs should be available
|
|
|
|
|
# In case PKCS #11, TPM or encrypted keys are used the PINs should be available
|
|
|
|
|
# in files. The srk-pin-file is applicable to TPM keys only, and is the
|
|
|
|
|
# storage root key.
|
|
|
|
|
#pin-file = /path/to/pin.txt
|
|
|
|
|
#srk-pin-file = /path/to/srkpin.txt
|
|
|
|
|
|
|
|
|
|
# The password or PIN needed to unlock the key in server-key file.
|
|
|
|
|
# Only needed if the file is encrypted or a PKCS #11 object. This
|
|
|
|
|
# is an alternative method to pin-file.
|
|
|
|
|
#key-pin = 1234
|
|
|
|
|
|
|
|
|
|
# The SRK PIN for TPM.
|
|
|
|
|
# This is an alternative method to srk-pin-file.
|
|
|
|
|
#srk-pin = 1234
|
|
|
|
|
|
|
|
|
|
# The Certificate Authority that will be used to verify
|
|
|
|
|
# client certificates (public keys) if certificate authentication
|
|
|
|
|
# is set.
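Review bot: The new `key-pin` and `srk-pin` entries in the second hunk place the secret that unlocks the server key directly in the main configuration file, but the added comments do not say that the file must then be protected like the key itself. If this file is readable by other local users or is copied into backups or version control (not visible from this page), an encrypted key or PKCS #11 object gains little from having a PIN. I would add a line above each option such as `# If set, this file holds a secret: make it readable only by the server's user, or prefer pin-file.` and replace the sample value `1234` with an obvious placeholder so it is not copied verbatim. The reworded sentence "the PINs should be available in files" also no longer matches the inline alternatives introduced below it and could say "in files or in the options below".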
|
|
|
|
|