On Wed, Apr 21, 2021 at 1:55 PM Selva Nair <selva.n...@gmail.com> wrote:
>
> Hi,
>
> On Wed, Apr 21, 2021 at 1:35 PM Joe Patterson <j.m.patter...@gmail.com> wrote:
>>
>> I stand corrected!  That's very useful to know.
>>
>> Does the "OTP" keyword in the plugin correspond to the OTP argument in
>> the static challenge?
>
>
> No, the argument to static-challenge is local to the client and only used for 
> prompting the user. It's not passed to the server. You can write it 
> differently in each client config if you wish.
>

I thought that seemed like it would be weird.  :)

>>
>> Like if my static challenge was "static-challenge 'enter the number
>> from your authenticator' 1", I'd use auth_pam.so "openvpn login:
>> USERNAME Password: PASSWORD Verification 'enter the number from your
>> authenticator'"?
>
>
> The capitalized words, USERNAME, PASSWORD and OTP are hard coded and stand 
> for the values for username, password and otp received from the client. These 
> get used against the corresponding prompts, "login:", "Password:" and 
> "Verification" in my example. So those latter words are specific to your 
> setup. Only the beginning of the prompt is matched, so "Verification" would also 
> match, say, a pam prompt of "Verification PIN:".
>

Fantastic.

> It's also possible to expose the common name to PAM -- use COMMONNAME as the 
> place-holder. See README.auth-pam.

I know.  I wrote that code.  :)

Thanks!

-Joe


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
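
The prompt matching described in the thread, as a small Python model added here as an example (it is not code from the thread or from the auth-pam plugin). The credentials, PAM prompts and function names are constructed, the SCRV1 framing is the format OpenVPN clients use to send a static-challenge response in the password field, and the model covers only the prefix matching stated above.

```python
import base64

# Placeholders the thread names as hard coded in the plugin.
PLACEHOLDERS = ("USERNAME", "PASSWORD", "OTP", "COMMONNAME")


def split_static_challenge(password_field):
    """Split 'SCRV1:<b64 password>:<b64 response>' into (password, otp)."""
    tag, b64_pw, b64_otp = password_field.split(":")
    if tag != "SCRV1":
        raise ValueError("not a static-challenge response")
    return base64.b64decode(b64_pw).decode(), base64.b64decode(b64_otp).decode()


def parse_pairs(plugin_arg):
    """'service p1 V1 p2 V2 ...' -> (service, [(prompt_prefix, value), ...])."""
    service, *rest = plugin_arg.split()
    if len(rest) % 2:
        raise ValueError("prompt/value tokens must come in pairs")
    return service, list(zip(rest[0::2], rest[1::2]))


def answer(prompt, pairs, creds):
    """Reply for one PAM prompt, or None when no configured prefix matches."""
    for prefix, value in pairs:
        # Only the beginning of the prompt is compared, as the thread states.
        if prompt.lstrip().startswith(prefix):
            # In this model a value that is not a placeholder is sent unchanged.
            return creds[value] if value in PLACEHOLDERS else value
    return None


def demo():
    # Constructed sample of what the server receives in the password field.
    # The static-challenge prompt text itself never appears on this side.
    wire = "SCRV1:{}:{}".format(base64.b64encode(b"s3cret").decode(),
                                base64.b64encode(b"123456").decode())
    password, otp = split_static_challenge(wire)
    creds = {"USERNAME": "joe", "PASSWORD": password, "OTP": otp,
             "COMMONNAME": "joe-laptop"}
    _, pairs = parse_pairs(
        "openvpn login: USERNAME Password: PASSWORD Verification OTP")
    # Constructed PAM prompts; the last one matches no configured prefix.
    prompts = ["login: ", "Password: ", "Verification PIN: ", "Token: "]
    return [answer(p, pairs, creds) for p in prompts]


if __name__ == "__main__":
    print(demo())
```

A prompt that returns None here is the case to look for when PAM authentication fails: the module asked for something the plugin argument has no matching prefix for.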
