On Wed, Jul 13, 2011 at 12:56:13PM -0700, Samuli Seppänen wrote: > Hi Pasi, > > There's some support for challenge-response authentication in OpenVPN: > > <http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn-testing.git;a=commit;h=3cf9dd88fd84108eccfcce0ebf44e00f9481cd82> >
Cool! Based on the commit summary it says in "client mode".. so the server parts are still missing? I'd probably want to use it with openvpn-auth-pam plugin, with pam-radius-plugin set to do challenge-response authentication. I'll take a look at the sources soon.. -- Pasi > This code is in the "master" branch. Look here for instructions on how > to fetch the sources: > > <https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation#Maindevelopmentrepositorygit> > > Hope this helps, > > Samuli > > > Hello, > > > > Has anyone implemented challenge-response support to openvpn and openvpn > > gui? > > > > I'd like to be able to authenticate openvpn users so that all these are > > required: > > 1) x509 certificate > > 2) username + password > > 3) one time password (otp) > > > > So after the user gets user+pass prompt, and the password is verified to be > > correct, > > the user will get another prompt asking for a one time password. > > > > OTP can be delivered as sms to the user, or it could be rsa securid value > > from the token, or something else.. > > > > Openvpn gui would need to be able to present additional prompt after the > > usual user+pass prompt.. > > For example openssh supports challenge-response, so user+pass+otp is > > possible with it. > > > > Thoughts/plans? > > > > -- Pasi > > > > > > ------------------------------------------------------------------------------ > > AppSumo Presents a FREE Video for the SourceForge Community by Eric > > Ries, the creator of the Lean Startup Methodology on "Lean Startup > > Secrets Revealed." This video shows you how to validate your ideas, > > optimize your ideas and identify your business strategy. > > http://p.sf.net/sfu/appsumosfdev2dev > > _______________________________________________ > > Openvpn-devel mailing list > > Openvpn-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >
