Multiple authentication methods
I am unable to connect an openconnect client using just certificate auth only. Enabled on the server are plain (auth), gssapi (enable-auth) and certificate (enable-auth). The initial cert verification succeeds but ocserv then proceeds to try gssapi which fails for this client as it isn't configured for kerberos.
Jul 16 21:42:13 xxx.xxx.xxx.xxx ocserv: worker: client certificate verification succeeded Jul 16 21:42:13 xxx.xxx.xxx.xxx ocserv: sec-mod: using 'gssapi' authentication to authenticate user (session: QvmDNS)
This is the relevant part of the config file:
auth = "plain[passwd=/etc/ocserv/ocpasswd]" enable-auth = "certificate" ca-cert = /etc/ssl/certs/xxx.pem cert-user-oid = 22.214.171.124 enable-auth = "gssapi[keytab=/etc/krb5.keytab,require-local-user-map=false]"