On Tue, 2016-04-05 at 12:33 -0500, Dan Williams wrote:
> nm-openconnect runs as root, but it spawns the actual openconnect
> process as the 'nm-openconnect' user for security.  That user must be
> able to access your certificates.

No, the certificates are only used by nm-auth-dialog, which runs in the
user's session. Needing access to the user's certificates from nm-
openconnect would be... a bad design. I didn't design it like that :)

When nm-auth-dialog runs to completion, it provides three "secrets"
which are then passed to the openconnect process (running, as you say,
as the nm-openconnect user). Those are:

 - Final IP address of the server (after load-balancing/redirection)
 - SHA256 hash of server's SSL certificate
 - 'webvpn' cookie, which represents the successful login session

The openconnect process doesn't need to authenticate because that's
already been done; it only needs the 'webvpn' cookie which is the
result of a successful authentication.

And it's explicitly provided with the hash of the SSL cert it expects
to see too — so it doesn't *even* need to have access to the same
trusted CA database (and doesn't need to interact with the user to ask
if they want to accept a bad cert, since the auth-dialog already did



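The handoff described in this reply, modelled in Python as an added illustration rather than code from NetworkManager-openconnect or openconnect itself: the auth dialog (user session) produces the three secrets, and the unprivileged worker checks the server against the pinned SHA256 hash with no CA store and no user prompt. The hex hash encoding, the header names and the DER byte strings are assumptions constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Illustrative model of the three "secrets" the auth dialog hands to the
# openconnect process running as the nm-openconnect user.
@dataclass(frozen=True)
class Secrets:
    gateway: str      # final server address after any load-balancing/redirection
    cert_sha256: str  # hex SHA256 of the server's DER-encoded certificate (encoding assumed)
    cookie: str       # 'webvpn' cookie from the completed login

def auth_dialog_result(final_gateway: str, server_cert_der: bytes, cookie: str) -> Secrets:
    """User-session side: after a successful login, pin the exact certificate
    that was seen during authentication and pass it along with the cookie."""
    return Secrets(final_gateway, hashlib.sha256(server_cert_der).hexdigest(), cookie)

def worker_accepts_server(secrets: Secrets, presented_cert_der: bytes) -> bool:
    """Unprivileged worker side: the server is accepted only if the certificate
    it presents hashes to the pinned value. No trust database is consulted and
    there is nobody to ask about a mismatching certificate, so it is rejected."""
    presented = hashlib.sha256(presented_cert_der).hexdigest()
    return hmac.compare_digest(presented, secrets.cert_sha256)

def worker_request_headers(secrets: Secrets) -> dict:
    """The only credential the worker ever sends is the session cookie; it never
    holds the user's password or client certificate. Header names are assumed."""
    return {"Host": secrets.gateway, "Cookie": f"webvpn={secrets.cookie}"}

# Constructed stand-ins for DER certificates; real ones come from the TLS handshake.
GOOD_CERT = b"constructed-der-for-vpn.example.net"
OTHER_CERT = b"constructed-der-for-some-other-host"

if __name__ == "__main__":
    s = auth_dialog_result("203.0.113.10", GOOD_CERT, "constructed-cookie-value")
    print(worker_accepts_server(s, GOOD_CERT))   # True: same cert as during login
    print(worker_accepts_server(s, OTHER_CERT))  # False: pin mismatch, connection refused
```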