Hello,
Has anyone implemented challenge-response support to openvpn and openvpn gui?
I'd like to be able to authenticate openvpn users so that all these are
required:
1) x509 certificate
2) username + password
3) one time password (otp)
So after the user gets user+pass prompt, and the password is verified to be
correct,
the user will get another prompt asking for a one time password.
OTP can be delivered as sms to the user, or it could be rsa securid value from
the token, or something else..
Openvpn gui would need to be able to present additional prompt after the usual
user+pass prompt..
For example openssh supports challenge-response, so user+pass+otp is possible
with it.
Thoughts/plans?
-- Pasi
