Hi, On Wed, Apr 21, 2021 at 07:29:52PM +0200, Dajka Tamás wrote: > If interested, I can send the script over ( PAM is used for user > auth against an MS AD, and Radius is used for SecurID, since that > handle???s challenge-response auths, so we can wait for the user???s > answer to dynamic questions without blocking the whole auth flow).
I'm certainly interested.
> So, if you want to do a bit more complex stuff, than the management
> interface will be your friend (a perl/python/php/whatever daemon
> will be needed to connect to the mgmt interface and handle the
> requests from the openvpn server).
>
> For simple tasks a static-challenge + PAM auth can be more than enough.
I've come to like the auth-PAM plugin (after I fought it for a while,
and won :-) ). It does async nowadays, and if it does what you need,
it's easier to use than setting up "things talking to management".
I haven't looked into dynamic challenges yet, but it seems I should...
Selva: am I reading the source correctly, a plugin can not create a dynamic
challenge?
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
