Acked-by: Gert Doering <>

Amazingly trivial, as soon as one understands the intricacies of
get_user_pass_cr() ;-) - of course I have tested this.  Without the
patch, <auth-user-pass> with no password will send an empty password,
with the patch, it will query on stdin and things will succeed
(hard to test in an automated way, though).

I have not tested if this would query via systemd, as I don't have
any systemd systems - but since this is using already-existing paths to
query for password, I'd expect so.

Now, to management interface - as Selva correctly remarked, all these
"we have a username and now need to query for a password" cases should
really work via management interface as well, otherwise the user experience
(especially on windows) will be fairly poor.  Inside auth_user_pass_cr()
this should be doable with some reshuffling, and from the documentation
I see that the managment interface already knows how to query "only for
password".  So maybe something like

   >PASSWORD:Need 'Auth' password user=$username

(extend Need 'Auth' with a username) and the GUI could then present
a user/password dialogue with a non-editable "user" field, or so...

Your patch has been applied to the master branch.

commit 39619b7fab213e9cadaa4a8b50b795ad63d9d91f
Author: Antonio Quartulli
Date:   Wed Sep 14 20:59:37 2022 +0200

     get_user_pass_cr: get password from stdin if missing inline

     Signed-off-by: Antonio Quartulli <>
     Acked-by: Gert Doering <>
     Message-Id: <>
     Signed-off-by: Gert Doering <>

kind regards,

Gert Doering

Openvpn-devel mailing list

Reply via email to