Hi, On Mon, Mar 16, 2020 at 8:39 AM David Sommerseth <open...@sf.lists.topphemmelig.net> wrote: > > On 13/03/2020 14:01, sam...@openvpn.net wrote: > > From: Samuli Seppänen <sam...@openvpn.net> > > > > URL: https://community.openvpn.net/openvpn/ticket/757 > > Signed-off-by: Samuli Seppänen <sam...@openvpn.net> > > --- > > doc/openvpn.8 | 6 ++++++ > > 1 file changed, 6 insertions(+) > > > > diff --git a/doc/openvpn.8 b/doc/openvpn.8 > > index 864f94e8..9e54890e 100644 > > --- a/doc/openvpn.8 > > +++ b/doc/openvpn.8 > > @@ -4127,6 +4127,12 @@ The server configuration must specify an > > .B \-\-auth\-user\-pass\-verify > > script to verify the username/password provided by > > the client. > > + > > +Note that OpenVPN GUI on Windows does not prompt for the > > +password if the file contains only the username. However, > > +OpenVPN versions from 2.4 up bundle OpenVPN GUI version 11 > > +which is able to cache usernames and passwords internally. > > + > > Could we rephrase this, to not live in the past. This will go into master and > probably also release/2.4. I also doubt anyone using man pages on 2.3 would > even read this. If there are Windows users on 2.3, there are no excuse not to > upgrade - unless it's an enterprise deployment, where end users most likely > would not even care (they should anyway complain to their IT department > regardless, for using outdated security software). > > I would just rephrase it to say: > > OpenVPN GUI v11 and newer uses its own internal username/password storage > independent of the --auth-user-pass file provided. The file argument is > ignored on such installations.
I wish it behaved like that. Unfortunately the file argument is not ignored in such cases. If the file has only username, openvpn.exe reads it from the file and then fails to prompt for password as there is no console available. I propose to change this behaviour to: if --management-query-passwords is set (which the GUI does), ignore the file given in auth-user-pass and prompt both username and password from management. I think its only logical for a later option (in this case the one set by the GUI) to override a previous one. Anyway we do already ignore it if the file is "stdin". Selva _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
