Alon Bar-Lev wrote on 27-12-2008 21:20:
On 12/27/08, Morten Christensen <mc-open...@mc.cx> wrote:
 > I just never had username configuration before... I actually don't
 > understand why you need it anyway.... :)
 >

We are combining a certificate without password with authentication
 with the username and password of the servers.
 I find that it has 2 advantages:
 The user cannot change the password to something too short.
 When the user forgets the password, it is easy to enter a new one
 without the need for a new certificate.

OK... but the true protection is the cryptography... So the level of
authentication is username/password.
Yes but only if it is coupled with the right certificate.
Have you tried the dummy scenario?
Yes. Does not work.
But that might be because we use this script (from James) on the server to secure that username/password and certificate are coupled:

#!/usr/bin/perl -t

# OpenVPN --auth-user-pass-verify script.
#   Only authenticate if username equals common_name.
#   In OpenVPN config file:
#      auth-user-pass-verify ./unc.pl via-env

$username = $ENV{'username'};
$common_name = $ENV{'common_name'};

exit !(length($username) > 0 && length($common_name) > 0 && $username eq $common_name);

# END


--
Morten Christensen
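
The username/common_name coupling from the script quoted in this message, as an added example (not code from the thread or from the OpenVPN project) that goes beyond it by also handling via-file mode, where OpenVPN passes a temporary file with the username on the first line, and by failing closed on malformed or unreadable input. The file name unc.py and the allowed character set are assumptions.

```python
#!/usr/bin/env python3
"""auth-user-pass-verify hook: accept only when username == certificate CN."""
import hmac
import os
import re
import sys

# Assumption: account names are restricted to this conservative character set.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def read_username(argv, env):
    """Return the client-supplied username for via-file or via-env mode."""
    if len(argv) > 1:
        # via-file: OpenVPN passes a temp file; line 1 = username, line 2 = password.
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            return fh.readline().rstrip("\r\n")
    # via-env: OpenVPN exports the username in the environment.
    return env.get("username", "")


def coupled(username, common_name):
    """True only if both names are non-empty, well-formed and identical."""
    if not SAFE_NAME.fullmatch(username or ""):
        return False
    if not SAFE_NAME.fullmatch(common_name or ""):
        return False
    return hmac.compare_digest(username.encode(), common_name.encode())


def verify(argv, env):
    """Exit status for OpenVPN: 0 accepts the login, 1 rejects it."""
    try:
        username = read_username(argv, env)
    except OSError:
        return 1  # fail closed if the credentials file cannot be read
    return 0 if coupled(username, env.get("common_name", "")) else 1


if __name__ == "__main__":
    sys.exit(verify(sys.argv, os.environ))
```

Like the Perl script, this only checks that the two names match; it does not validate the password, which has to be checked by a separate mechanism.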


