Re: [Openvpn-devel] [RFC] - Enable 2FA to be used with renegotiations

Thu, 25 Aug 2016 15:39:25 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26/08/16 00:21, Steffan Karger wrote:
> One thing I think might be useful is a timeout that forces a client
> to do a full reauth.  I can imagine a company policy that, for
> example, requires users to perform a 2FA at least every 4 hours.
> I'd want to implement such a policy without stretching the default
> 1 hour renegotiate to 4 hours.  But that might also be too much of
> a corner case which is not worth the extra code...

Good point!

With the input from Selva on the man page update, I started digging
into when such a re-auth really can happen; turns out it's not that
obvious.  So I'll investigate this further and extend the patch-set
accordingly.


- -- 
kind regards,

David Sommerseth
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJXv3MKAAoJEIbPlEyWcf3yvb0P/0LBkV8fUSnsPq2Duy4MT/Gl
OHgoSpC/NcOBNghJQ3DoJBbumtIVtf/GD48O9SLCPSlqsoIVp5+SWMeuQLaiy9OR
kHYW2b3EI8ZOTfnnN1OpTHwSan4m1v792+81SNGp8eaShGsSW7Ib3wxgXnrLWMVy
7vWu7C/giukNI32v0kiAfhfT5L5b8meLCpiGZiqysqejbs5otNWwwLdHK3ZSi/di
dCGIhE5nYwPsXrZNXbEdleGjEb+akAONDVXq8PYIyKkAsizVtTFwr6SLOdi/POg0
WfQh9mIKTCHm53WVA42d/37SGSoPormLT6TLDP0rSqZOWYBlUzsKWe93QpNYiaXe
hhS7F1Vg366JWUCwNywlTKNHYLRtYkckkEaCFnp2stU8sQytjGfeI3tdwolXyxxy
fSwE0FsxZlV0wzCZYwSmhaGcCRconcYOccae2b0ZgSj3n4+RP6P+sFlRgqGVbzjY
kYJh+tDUSxk2gpCAF2P+FjgDqe3E91IP1DA7xW7z6iZdIY+8tTP8t3uZPl9Fissh
MJvG0cRihaqE8aRiK6TCpqPYcGYbdv4CYcrK6F8GCZwm6hHK1n468R5j2sPMu8sy
LysSoTSSCBFVx5EbKRwOJrT4cK3NVUE8Kd+8P2rmKDmv5CaTRlLaFJvvcfs869XS
oU0LuW9S5zDEjHTuYKMs
=Bl/d
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to