> +1. What functionality does this new mechanism add?
> Tunnelblick implements 2FA through the management interface using the
> existing static and dynamic challenge-response mechanism. For a
> dynamic challenge, for example. Tunnelblick gets a response from the user in
> a popup window or from a user-specified script. (A script is usually
> used to get the response from hardware devices.)

It adds 2FA without reconnect dance and also the ability to do something
like web based SSO authentication. But a server should not use these
unless your client will announce support for them via IV_SSO variable.

The v2 version of the patch will describe the IV_SSO variable too.


Attachment: signature.asc
Description: OpenPGP digital signature

Openvpn-devel mailing list

Reply via email to