On Tue, 2016-04-05 at 12:33 -0500, Dan Williams wrote:
> nm-openconnect runs as root, but it spawns the actual openconnect process as the 'nm-openconnect' user for security. That user must be able to access your certificates.
No, the certificates are only used by nm-auth-dialog, which runs in the user's session. Needing access to the user's certificates from nm-openconnect would be... a bad design. I didn't design it like that :)

When nm-auth-dialog runs to completion, it provides three "secrets" which are then passed to the openconnect process (running, as you say, as the nm-openconnect user). Those are:

 - Final IP address of the server (after load-balancing/redirection)
 - SHA256 hash of server's SSL certificate
 - 'webvpn' cookie, which represents the successful login session

The openconnect process doesn't need to authenticate because that's already been done; it only needs the 'webvpn' cookie which is the result of a successful authentication. And it's explicitly provided with the hash of the SSL cert it expects to see too — so it doesn't *even* need to have access to the same trusted CA database (and doesn't need to interact with the user to ask if they want to accept a bad cert, since the auth-dialog already did that).

-- 
dwmw2
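An added example, not part of the original message and not openconnect's or NetworkManager's own code: a sketch of how an unprivileged connector can trust a server purely by the certificate hash it was handed, with no CA store and no user prompt. The `Secrets` field names, the hex encoding of the hash and hashing over the DER-encoded certificate are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl
from dataclasses import dataclass


@dataclass(frozen=True)
class Secrets:
    """The three values handed over by the auth dialog (field names are hypothetical)."""
    gateway: str      # final server address after load-balancing/redirection
    cert_sha256: str  # hex SHA-256 of the server certificate (assumed: over DER bytes)
    cookie: str       # session cookie produced by the completed login


def normalize_pin(pin: str) -> bytes:
    """Accept 'AA:BB:..' or 'aabb..' hex and return the 32 raw digest bytes."""
    raw = bytes.fromhex(pin.replace(":", "").strip())
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("pin is not a SHA-256 digest")
    return raw


def cert_matches_pin(cert_der: bytes, pin: str) -> bool:
    """Compare the certificate's SHA-256 with the pin in constant time."""
    return hmac.compare_digest(hashlib.sha256(cert_der).digest(), normalize_pin(pin))


def connect_pinned(secrets: Secrets, port: int = 443) -> ssl.SSLSocket:
    """Open TLS to the gateway, trusting only the pinned certificate.

    Chain validation is switched off, so the pin comparison below is the
    sole trust decision and must run before any data is sent.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    sock = ctx.wrap_socket(socket.create_connection((secrets.gateway, port), timeout=10))
    der = sock.getpeercert(binary_form=True)
    if der is None or not cert_matches_pin(der, secrets.cert_sha256):
        sock.close()
        raise ssl.SSLError("server certificate does not match pinned hash")
    return sock  # caller presents secrets.cookie next; no user credentials needed
```

The connector never sees the user's client certificate or password; if the pin check fails it aborts before the cookie is sent.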