Hi,

On Thu, Jun 13, 2019 at 2:35 PM Selva Nair <selva.n...@gmail.com> wrote:
>
> Hi
>
> On Thu, Jun 13, 2019 at 10:42 AM Arne Schwabe <a...@rfc2549.org> wrote:
> >
> > These patches mainly implement forwarding passing/forwarding extra
> > messages between management interface on server and client side.
> >
> > These new extra messages can be used to implement a two step
> > authentication like TOTP (Google Authenticator) or web based
> > out of band (like SAML).
> >
> > Since this requires a tight integration on both client and
> > server side, it is currently only supported with the management
> > interface.
> >
> > Arne Schwabe (5):
> >   Implement parsing and sending INFO and INFO_PRE control messages
> >   Implement forwarding client CR_RESPONSE messages to management
> >   Implement support for signalling IV_SSO to server
> >   Implement sending response to challenge via CR_RESPONSE
> >   Implement sending SSO challenge to clients
>
> I haven't looked at the patches, but a quick question. I haven't come across
> any 2FA mechanisms that cannot be handled (in principle) by the current static
> and dynamic CR in OpenVPN.

+1. What functionality does this new mechanism add?

Tunnelblick implements 2FA through the management interface using the existing static and dynamic challenge-response mechanism. For a dynamic challenge, for example, Tunnelblick gets a response from the user in a popup window or from a user-specified script. (A script is usually used to get the response from hardware devices.)

Best regards,

Jon Bullard

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel