Re: [Openvpn-devel] [PATCH] Improve documentation of --username-as-common-name

Mon, 28 Sep 2020 14:38:25 -0700 

On 27/09/2020 20:46, selva.n...@gmail.com wrote:
> From: Selva Nair <selva.n...@gmail.com>
> 
> Trac #1079
> 
> Signed-off-by: Selva Nair <selva.n...@gmail.com>
> ---
>  doc/man-sections/server-options.rst | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/doc/man-sections/server-options.rst 
> b/doc/man-sections/server-options.rst
> index c0b22a5..4b649b1 100644
> --- a/doc/man-sections/server-options.rst
> +++ b/doc/man-sections/server-options.rst
> @@ -668,9 +668,15 @@ fast hardware. SSL/TLS authentication must be used in 
> this mode.
>    ``--max-routes-per-client``
>  
>  --username-as-common-name
> -  For ``--auth-user-pass-verify`` authentication, use the authenticated
> -  username as the common name, rather than the common name from the client
> -  cert.
> +  Use the authenticated username as the common-name, rather than the
> +  common-name from the client certificate. Requires that some form of
> +  auth-user-pass verification is in effect. As the replacement happens after
> +  auth-user-pass verification, the verification script or plugin will still

The two occurrences of "auth-user-pass" should be: ``--auth-user-pass`` (with
"double-backwards-single-quotes" in both ends)

> +  receive the common-name from the certificate.
> +
> +  The common_name environment variable passed to scripts and plugins invoked
> +  after authentication (e.g, client-connect script) and file names parsed in
> +  client-config directory will match the username.

I have not verified the behavior described, but I trust Selva's understanding
and testing.  The extension of this part is valuable and makes both the man
entry and behavior clearer.

The fix I've touched above can be handled at commit-time, unless Gert objects.

Acked-By: David Sommerseth <dav...@openvpn.net>

-- 
kind regards,

David Sommerseth
OpenVPN Inc

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to