On Thu, Dec 17, 2015 at 1:22 PM, Selva Nair <selva.n...@gmail.com> wrote:
> (a) leave as is and document that challenge-response is incompatible with > user and pass from file > If people lean this way I think the code would still need to be changed to fail instead of endlessly looping, sending bad answers back to the server. (b) prompt for the response from console in both dynamic and static cases > That gets my vote, for what that's worth. Prompting from management works fine as long as auth-user-pass file is not > set. > I assume that would be something you'd fix (or make the program reject). The current code does not prompt on the management interface for a challenge/response if someone combines --management, --management-query-passwords, and an auth-user-pass file. Ultimately, though, I've switched over to a simple perl script I wrote that runs a managed openvpn and gives me full control w/o using --auth-user-pass (since the official release is not going to support reading the challenge/response from a file). ..wayne..
