On Wed, 25 Mar 2026 at 21:54, Selva Nair <[email protected]> wrote:
> On Sat, Mar 21, 2026 at 9:47 PM <[email protected]> wrote:
>>
>> From: Luca Boccassi <[email protected]>
>>
>> Allow management clients to send long passwords via the
>> usual multi-line base64 encoded protocol.
>>
>> A client sends a 'password <type>' line, followed by
>> as many lines (each up to 1024 bytes) as needed, in base64
>> encoded format, terminated by 'END'.
>>
>> This is useful when a password is a JIT-generated use-once
>> token.
>>
>> Signed-off-by: Luca Boccassi <[email protected]>
>
>
> I think this is a step in the right direction: allows arbitrarily long
> passwords to be passed via the management interface bringing it in line with
> stdin/console input. No other intrusive changes like option parsing. Until
> now, the largish USER_PASS_LEN = 4096 was mostly a waste of space as it was
> often not possible to use it even locally within the client because of the
> 255 byte restriction in the management interface.
>
> I have only skimmed through the patch, but reusing "password" with no
> argument could break existing UI clients, hypothetically. If any UI client
> is currently using an empty password to quit the dialog, it will get into a
> stalemate. I guess a new keyword or an extra token after 'Auth' to indicate
> multi-line input would be required.
>
> Selva
> P.S.
> Next version could go into gerrit for a more thorough review.

Ok, changed to add a new "password-base64" (I don't think we want a
new third token for "password", as that might be, well, a password?),
and pushed to gerrit:

https://gerrit.openvpn.net/c/openvpn/+/1593

_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
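
The multi-line framing discussed in this thread, as an added example that is not part of the original messages or of the OpenVPN patch: a client-side encoder and a receiver-side validator for a header line, base64 body lines of at most 1024 bytes, and an 'END' terminator. Assumptions: the header is written as `password-base64 <type>` (the thread names only the keyword), the secret is base64-encoded once and then split across lines, and `frame_password`, `parse_frame` and the `max_secret` bound are hypothetical names.

```python
import base64
import binascii

MAX_LINE = 1024  # per-line limit stated in the commit message


def frame_password(auth_type: str, secret: bytes) -> list[str]:
    """Client side: header line, base64 body lines, then END."""
    if not auth_type or any(c in auth_type for c in '\r\n"'):
        raise ValueError("auth type must be a single line without quotes")
    b64 = base64.b64encode(secret).decode("ascii")
    # MAX_LINE is a multiple of 4, so every chunk is itself valid base64
    # and no body line can ever be the 3-character string "END".
    body = [b64[i:i + MAX_LINE] for i in range(0, len(b64), MAX_LINE)]
    # Header syntax is an assumption; the thread only names the keyword.
    return [f"password-base64 {auth_type}", *body, "END"]


def parse_frame(lines: list[str], max_secret: int = 65536) -> tuple[str, bytes]:
    """Receiver side: validate the framing and return (auth_type, secret)."""
    if not lines:
        raise ValueError("empty frame")
    keyword, _, auth_type = lines[0].partition(" ")
    if keyword != "password-base64" or not auth_type:
        raise ValueError("bad header")
    chunks, size = [], 0
    for line in lines[1:]:
        if line == "END":
            break
        if len(line) > MAX_LINE:
            raise ValueError("line exceeds 1024 bytes")
        size += len(line)
        if size * 3 // 4 > max_secret:  # bound memory before decoding
            raise ValueError("secret too long")
        chunks.append(line)
    else:
        # Loop ended without seeing END: truncated or still-open input.
        raise ValueError("missing END terminator")
    try:
        # validate=True rejects characters outside the base64 alphabet.
        secret = base64.b64decode("".join(chunks), validate=True)
    except binascii.Error as exc:
        raise ValueError("invalid base64 body") from exc
    return auth_type, secret
```
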
