On 15/05/2020 17:36, David Sommerseth wrote: > On 09/11/2019 16:13, Arne Schwabe wrote: >> This implements sending AUTH_PENDING and INFO_PRE messages to clients >> that indicate that the clients should be continue authentication with >> a second factor. This can currently be out of band (openurl) or a normal >> challenge/response 2FA like TOTP (CR_TEXT). > > Can we settle on a single CR_TEXT vs CRTEXT terminology? The 3/5 patch used > crtext in the documentation but cr_text in the commit message. > >> Signed-off-by: Arne Schwabe <a...@rfc2549.org> >> --- >> doc/management-notes.txt | 26 +++++++++++++++++++++++ >> src/openvpn/manage.c | 46 ++++++++++++++++++++++++++++++++++++++++ >> src/openvpn/manage.h | 3 +++ >> src/openvpn/multi.c | 19 +++++++++++++++++ >> src/openvpn/push.c | 24 +++++++++++++++++++++ >> src/openvpn/push.h | 2 ++ >> 6 files changed, 120 insertions(+) >> >> diff --git a/doc/management-notes.txt b/doc/management-notes.txt >> index e380ca2b..4b405a9b 100644 >> --- a/doc/management-notes.txt >> +++ b/doc/management-notes.txt >> @@ -592,6 +592,32 @@ interface to approve client connections. >> CID,KID -- client ID and Key ID. See documentation for ">CLIENT:" >> notification for more info. >> >> +COMMAND -- client-sso-auth (OpenVPN 2.5 or higher) >> +---------------------------------------------------- >> + >> +Instruct OpenVPN server to send AUTH_PENDING and INFO_PRE signal >> +a single sign on url to the client. >> + >> + client-sso-auth {CID} {EXTRA} > > I think we should use a different naming for this than 'sso'. This is not > tied to only SSO (Single Sign-On). What about: > > - client-extended-auth > - client-external-auth > - client-ext-auth > - client-additional-auth > - client-xauth
Another alternative popped up in my head, as CR/Challenge-Response is used a
lot in this context .... client-cr-auth .... but all of them are just
suggestions to avoid the 'sso' reference.

> As long as the name is quite generic, I'm fine with most alternatives. But it
> should be very generic. We have so many alternative auth methods these days:
> Yubico OTP [1], TOTP/HOTP, FIDO/U2F, SAML, OAuth, Kerberos/GSSAPI, etc ...
>
> [1] <https://developers.yubico.com/OTP/OTPs_Explained.html>

--
kind regards,

David Sommerseth
OpenVPN Inc
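Review bot: In the doc/management-notes.txt hunk, the description under the new client-sso-auth heading does not parse ("send AUTH_PENDING and INFO_PRE signal a single sign on url to the client"), and the visible lines never say what {EXTRA} carries. Suggest rewording it along the lines of "Instruct the OpenVPN server to send AUTH_PENDING and INFO_PRE messages to the client" and stating the expected form of {EXTRA} next to the usage line. The commit message names both openurl and CR_TEXT as ways to continue authentication, while this text mentions only a single sign-on URL, so the wording should cover both regardless of which command name is chosen.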