Hi,

On Wed, Apr 21, 2021 at 1:35 PM Joe Patterson <j.m.patter...@gmail.com>
wrote:

> I stand corrected!  That's very useful to know.
>
> Does the "OTP" keyword in the plugin correspond to the OTP argument in
> the static challenge?
>

No, the argument to static-challenge is local to the client and only used
for prompting the user. It's not passed to the server. You can write it
differently in each client config if you wish.


> Like if my static challenge was "static-challenge 'enter the number
> from your authenticator' 1", I'd use auth_pam.so "openvpn login:
> USERNAME Password: PASSWORD Verification 'enter the number from your
> authenticator'"?
>

The capitalized words, USERNAME, PASSWORD and OTP are hard coded and stand
for the values for username, password and otp received from the client.
These get used against the corresponding prompts, "login:", "Password:"
and "Verification" in my example. So those latter words are specific to
your setup. Only the beginning of the prompt is matched, so "Verification"
would also match, say, a pam prompt of "Verification PIN:".

It's also possible to expose the common name to PAM -- use COMMONNAME as
the place-holder. See README.auth-pam.

Selva
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
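
An added example, not part of the original message or of the OpenVPN source: a small Python model of the prompt matching described in the reply above, run against both the placeholder form and the variant asked about in the quoted question. The credentials, prompts and function names are constructed for illustration; exact-case comparison and sending a non-placeholder value as literal text are assumptions of this model.

```python
import shlex

# Placeholder words named in the thread; each stands for a value sent by the client.
PLACEHOLDERS = {"USERNAME": "username", "PASSWORD": "password",
                "OTP": "otp", "COMMONNAME": "commonname"}

def parse_plugin_args(arg_string):
    """Split 'service prompt value [prompt value ...]' into (service, pairs)."""
    tokens = shlex.split(arg_string)
    if not tokens or len(tokens) % 2 == 0:
        raise ValueError("expected a service name followed by prompt/value pairs")
    return tokens[0], list(zip(tokens[1::2], tokens[2::2]))

def answer_prompt(prompt, pairs, creds):
    """Return the reply for one PAM prompt, or None when no pair matches."""
    for name, value in pairs:
        # Only the beginning of the prompt is compared, so "Verification"
        # also matches "Verification PIN:".
        if prompt.startswith(name):
            # Model assumption: a value that is not a placeholder is sent as-is.
            return creds[PLACEHOLDERS[value]] if value in PLACEHOLDERS else value
    return None

def run_conversation(arg_string, prompts, creds):
    """Answer every prompt of a simulated PAM conversation."""
    _, pairs = parse_plugin_args(arg_string)
    return [answer_prompt(p, pairs, creds) for p in prompts]

# Constructed sample data: values as received from the client, and the
# prompts a PAM stack with an OTP module might issue.
CREDS = {"username": "alice", "password": "s3cret", "otp": "492817",
         "commonname": "alice-laptop"}
PROMPTS = ["login:", "Password: ", "Verification PIN: "]

# Placeholder form: the OTP value from the client answers the third prompt.
WORKING = "openvpn login USERNAME Password PASSWORD Verification OTP"
# Variant asked about in the thread: challenge text where OTP should be.
ASKED = ("openvpn login: USERNAME Password: PASSWORD "
         "Verification 'enter the number from your authenticator'")

if __name__ == "__main__":
    print(run_conversation(WORKING, PROMPTS, CREDS))
    print(run_conversation(ASKED, PROMPTS, CREDS))
```

In this model the second configuration answers the verification prompt with the challenge text itself rather than the one-time code, so the PAM module would reject the login.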
