Am 27.03.20 um 22:09 schrieb David Sommerseth:
> On 09/11/2019 16:13, Arne Schwabe wrote:
>> This implements sending AUTH_PENDING and INFO_PRE messages to clients
>> that indicate that the clients should be continue authentication with
>> a second factor. This can currently be out of band (openurl) or a normal
>> challenge/response 2FA like TOTP (CR_TEXT).
>>
>> Signed-off-by: Arne Schwabe <a...@rfc2549.org>
>> ---
>>  doc/management-notes.txt | 26 +++++++++++++++++++++++
>>  src/openvpn/manage.c     | 46 ++++++++++++++++++++++++++++++++++++++++
>>  src/openvpn/manage.h     |  3 +++
>>  src/openvpn/multi.c      | 19 +++++++++++++++++
>>  src/openvpn/push.c       | 24 +++++++++++++++++++++
>>  src/openvpn/push.h       |  2 ++
>>  6 files changed, 120 insertions(+)
> 
> Code and management notes looks reasonable.  But again, it would be good to
> have a way to test this properly to avoid regressions later on.  Since this is
> also a more advanced authentication method, having good test methods is even
> more critical.

Writing a complete framework to test management interface on the server
side is something that would a huge undertaking for this simple patch.

I think Access Server is basically the only software that I am aware of
that really uses the server side management interface.

So basically having this requirement right now of writing a testing
suite to get this into OpenVPN will mean that we will effectively fork
OpenVPN for AS.

Arne

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to