Hi all,

No further comments or requests on the openvpn-users lists. Reposting here for 
further criticism / comments :)

I did have one thought though, do I need to put any kind of banner at the top 
of the script as a 'maintainer' or such?

I have attached this script for comment to be considered for inclusion in the 
contrib section of openvpn to use the Yubico Yubicloud authentication for the 
Yubikey OTP.

Place the script in /etc/openvpn and configure as follows:

script-security 2
client-connect          /etc/openvpn/yubikey-auth-tokens
auth-user-pass-verify   /etc/openvpn/yubikey-auth-tokens via-file
client-cert-not-required
username-as-common-name

Right now, this requires 'reneg-sec 0' be set in the openvpn server config 
file due to some issues in handling auth tokens in various configurations - 
however hopefully when this gets fixed, it will keep the connection running 
with an auth-token after the initial authentication by OTP.

Edit the yubikey-auth-tokens script and edit the %yubikeys hash with your list 
of usernames and associated yubikey IDs.

Happy to receive feedback on the script, its operation, or implementation.

-- 
Steven Haigh

📧 net...@crc.id.au      💻 http://www.crc.id.au
📞 +61 (3) 9001 6090     📱 0412 935 897

Attachment: yubikey-auth-tokens
Description: Perl program
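
The local checks such a via-file script can make before contacting YubiCloud, as an added example in Perl; it is not the attached script. It assumes %yubikeys maps each username to a 12-character modhex public ID, which is the prefix of a default 44-character YubiKey OTP; the sub names and all sample values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Assumed layout: username => 12-character modhex public ID (constructed values).
my %yubikeys = (
    alice => 'cccccckdvvul',
    bob   => 'ccccccbcgujh',
);

# via-file: OpenVPN passes the path of a temporary file as the first argument,
# with the username on line 1 and the password (here the OTP) on line 2.
sub read_credentials {
    my ($path) = @_;
    open(my $fh, '<', $path) or return;
    my @lines = <$fh>;
    close($fh);
    s/\r?\n\z// for @lines;
    return @lines[0, 1];
}

# Returns 1 only if the OTP is well formed and starts with the ID registered
# for this user. This is a pre-filter: the OTP still has to be validated by
# YubiCloud before the script may exit 0 and let the client in.
sub precheck {
    my ($user, $otp) = @_;
    return 0 unless defined $user && defined $otp;
    my $id = $yubikeys{$user};
    return 0 unless defined $id;                            # unknown user
    return 0 unless $otp =~ /\A[cbdefghijklnrtuv]{44}\z/;   # modhex, exact length
    return substr($otp, 0, 12) eq $id ? 1 : 0;              # key belongs to user
}

# Constructed test inputs: [username, OTP, expected result].
my $pad = 'c' x 32;
my @cases = (
    ['alice',   "cccccckdvvul$pad", 1],   # registered key
    ['alice',   "ccccccbcgujh$pad", 0],   # bob's key presented as alice
    ['mallory', "cccccckdvvul$pad", 0],   # unknown user
    ['bob',     'ccccccbcgujh',     0],   # truncated OTP
);
for my $c (@cases) {
    my ($fh, $path) = tempfile(UNLINK => 1);
    print {$fh} "$c->[0]\n$c->[1]\n";
    close($fh);
    my $got = precheck(read_credentials($path));
    printf "%-8s %s\n", $c->[0], $got == $c->[2] ? 'ok' : 'MISMATCH';
}
```

Binding the OTP prefix to the username matters because YubiCloud only confirms that an OTP is valid for some key, not that the key belongs to the user who is logging in.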
