Store Openconnect user passwords hashed in config

Hi,

In the current version of VyOS (1.4/1.5), OpenConnect user passwords are stored in plain text in the config.

I’d like to implement an additional option to store the passwords hashed in the config, like it is already possible for system passwords.
Like this: “set vpn openconnect authentication local-users username user encrypted-password <$6$saltysalt$hashedpassword>”
If I understood it correctly, the “ocpasswd” binary just uses the “openssl passwd” function and stores the content in the ocpasswd DB file associated with the users.

Maybe this is more of a feature request, but I’d like to get a better understanding of the functionality of the VyOS scripts and how stuff is executed. So maybe it’s a good opportunity to try to implement it myself.

I would appreciate any help on how to start here. Where to put the new option, which scripts I would have to modify and so on.

Kind regards
Max
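
An option like the `encrypted-password` one proposed above would copy an operator-supplied string into the OpenConnect password file, so the config script has to validate it strictly before writing. The following is an added sketch, not part of the original post and not VyOS code; the `username:*:hash` line format, the username pattern and all function names are assumptions.

```python
import re

# SHA-512 crypt ("$6$") string: optional rounds, salt of 1-16 characters,
# 86-character digest. The crypt alphabet [./0-9A-Za-z] is enforced for both
# salt and digest (a deliberately strict choice for config input).
SHA512_CRYPT = re.compile(
    r"\$6\$(?:rounds=(?P<rounds>[1-9][0-9]{0,8})\$)?"
    r"(?P<salt>[./0-9A-Za-z]{1,16})\$(?P<digest>[./0-9A-Za-z]{86})"
)
# Hypothetical username policy: no ':' or whitespace, so a name cannot
# shift the fields of a password-file line.
USERNAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.@-]{0,63}")


def check_encrypted_password(value):
    """Return the value unchanged if it is a well-formed $6$ hash, else raise."""
    m = SHA512_CRYPT.fullmatch(value)  # fullmatch also rejects trailing newlines
    if m is None:
        raise ValueError("not a SHA-512 crypt ($6$) hash")
    rounds = m.group("rounds")
    if rounds is not None and not 1000 <= int(rounds) <= 999_999_999:
        raise ValueError("rounds outside 1000..999999999")
    return value


def render_passwd_file(users):
    """Build the password-file text from {username: encrypted-password}.

    Assumed line format: username:group:hash, with '*' as the group.
    """
    lines = []
    for name, hashed in sorted(users.items()):
        if USERNAME.fullmatch(name) is None:
            raise ValueError(f"invalid username: {name!r}")
        lines.append(f"{name}:*:{check_encrypted_password(hashed)}")
    return "\n".join(lines) + "\n"


# Constructed sample values (the digest is filler, not a real password hash).
GOOD = "$6$saltysalt$" + "A" * 86
# Without validation, a value carrying a newline would become an extra line.
MALFORMED = GOOD + "\nextra:*:" + GOOD

if __name__ == "__main__":
    print(render_passwd_file({"max": GOOD}), end="")
```

Rejecting anything that is not exactly one `$6$` string also keeps plain-text passwords from being stored by mistake under the hashed option.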

Hi!
I’d start with those:
