If the user doesn't supply any arguments to the plugin in the OpenVPN
configuration file, then it defaults to setting the second argument to
the pam_start() function with the username that the other end of the
vpn supplied. The pam libraries use this as the initial value for the
PAM_USER pam
I wanted to use OpenVPN with PAM whilst enforcing the use of the TLS
client cert common name in place of the user-supplied user name. This
wouldn't work with the PAM plugin I was using, and in the process of
debugging this I've made a few changes to the auth-pam plugin which I
hope make it easier
If the user doesn't supply any arguments to the plugin in the OpenVPN
configuration file, then it defaults to answering any PAM conversation
'questions' where the pam module sets the message style to
PAM_PROMPT_ECHO_OFF with the password, and where the style is set to
PAM_PROMPT_ECHO_ON with the
Hopefully clarify usage, and fix spelling errors.
Document new functionality WRT PAM_USER and implicit password
responses when a non-matching non-echoing PROMPT is made by a PAM
module.
Signed-off-by: Tim Small
---
src/plugins/auth-pam/README.auth-pam | 152
The plugin carries out separate checks on authorisation and account
validity, but only prints a single "user X failed to authenticate"
message, even if the PAM authenticate tests pass, but the PAM account
check fails.
Also log common name as well as user name.
Signed-off-by: Tim Small
hi,
On Wed, Jul 08, 2015 at 02:22:36PM -0400, Selva Nair wrote:
> On Wed, Jul 8, 2015 at 12:26 PM, Jan Just Keijser wrote:
>
> > FWIW: I've patched openvpn to set routes using DHCP on Windows and yes,
> > it works: I can add any route to the system routing tables, including
>
Hi,
On Wed, Jul 08, 2015 at 06:26:33PM +0200, Jan Just Keijser wrote:
> >AFAICT windows does support that option (that's what I was referring
> >to with options 121 or 249) . OTOH, I am *not* sure if it allows you
> >to set a 0.0.0.0/1 route using that option, but I guess there's only
> >one
On Wed, Jul 8, 2015 at 12:26 PM, Jan Just Keijser wrote:
>
> FWIW: I've patched openvpn to set routes using DHCP on Windows and yes,
> it works: I can add any route to the system routing tables, including
> 0.0.0.0/1 and 128.0.0.1/1 ; this could be used as an alternative to
>
Hi,
Jan Just Keijser wrote:
Gert Doering wrote:
On Thu, Jul 02, 2015 at 11:56:28AM +0200, Jan Just Keijser wrote:
+write_dhcp_str (buf, 66, o->tftp, );
+write_dhcp_str (buf, 150, o->tftp, );
This does not look safe to me (or I'm overlooking something) - if
o->tftp is not
Hi,
Jan Just Keijser wrote:
On 03/07/15 15:15, Gert Doering wrote:
On Fri, Jul 03, 2015 at 01:56:39PM +0200, JÁKÓ András wrote:
yes this is possible; it's possible to push multiple gateways and
multiple (classless) routes (dhcp options 121 & 249).
If the metric on the tap-win adapter is set