Hi, On Mon, Mar 30, 2020 at 12:11 PM Jonathan K. Bullard <jkbull...@gmail.com> wrote:
> Hi, > > On Mon, Mar 30, 2020 at 11:12 AM Selva Nair <selva.n...@gmail.com> wrote: > > Jonathan K. Bullard <jkbull...@gmail.com> wrote: > > > > > > If the OS X command line user was using --management-query-passwords > > > (as Tunnelblick does), they wouldn't see the password prompt on > > > /dev/tty, would they? > > > > In case of auth-file missing password, they would see it on /dev/tty > > on linux, and I would guess on OSX as well, but I've not checked. > > The password prompt appears on /dev/tty on OS X only if --daemon is not > used. > > If --daemon and --management-query-passwords are used but --askpass is > not (whether or not --auth-nocache is also used), which is typical for > a Tunnelblick configuration on OS X, the following appears in the log: > > neither stdin nor stderr are a tty device and you have neither a > controlling tty nor systemd - can't ask for 'Enter Auth > Password:'. > If you used --daemon, you need to use --askpass to make > passphrase-protected keys work, and you can not use > --auth-nocache. > Exiting due to fatal error > > if --daemon, --management-query-passwords, and --askpass are all used > (whether or not --auth-nocache is used), you get: > > Need password(s) from management interface, waiting... > > If Windows GUI uses --daemon, that could be an additional requirement > that would work for Tunnelblick and OS X, which would mean one less > incompatibility between Windows and OS X. > --daemon is a unix/linux option (not supported on Windows) and after deamonizing there is no controlling tty leading to the behaviour you mention above. I think that's documented. > Or it could test for Windows || (OS X && --daemon). > Personally I would prefer to enable this code for all platforms although its a minor regression. That is, if management-query-passwords is enabled and auth file is missing password, query the management, not on console irrespective of other options and OS. If that's acceptable, I'll submit a v2. Selva > Best regards, > > Jon Bullard >
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel