> >> Thinking ahead, the challenge/response sequence for passing
> >> authentication info should be open-ended to provide for future
> >> implementation of alternative authentication methods such as Radius,
> >> LDAP, NT Auth, etc.
> >
> > Please don't do too much of that. I've seen this auth featuritis creeping
> > in ntp and ups tools(!). Results ain't pretty...

I don't think that supplying a generalized authentication mechanism (that's 
method agnostic) will add very much complexity.

The way I see this working is that the SSL/TLS authentication still provides 
the real security.  But after SSL/TLS authentication has occurred, one still 
might want to submit some sort of credentials string to the server (obtained 
via GUI from the user) to determine the common name which will be assigned to 
the client.  In any case, OpenVPN on the server is probably going to 
interface with an authentication library which will handle all the details.

> > Reconfiguration of openvpn can always be done by editing config file
> > and restarting openvpn daemon. Simple. Elegant. No additional coding
> > - no risk of introducing bugs.
> >
> > This can be done via systray app, too.
>
> I can understand your concerns, and mostly you are right. However, there
> is one quite important scenario - at least as I see it - where you need
> the core daemon and the GUI running in different accounts: whenever the
> key or secret has to be locked away from the user while it shall still
> be possible for her/him to start/stop VPN connections. One reason for
> this may be that the key is bound to the device and not the user. The
> other one is security. Through this separation, malicious programs
> running in the context of the user cannot so easily access the secret.
>
> And for those who don't trust this new interface (which will surely need
> a careful implementation): what about adding a configure switch and
> putting the respective code in some #ifdefs?

I agree -- the management interface should not be implicitly enabled by 
default.  You will need to specify the "management" config option to turn it 
on.

James
