Hi, On Wed, Apr 21, 2021 at 07:29:52PM +0200, Dajka Tamás wrote: > If interested, I can send the script over ( PAM is used for user > auth against an MS AD, and Radius is used for SecurID, since that > handle???s challenge-response auths, so we can wait for the user???s > answer to dynamic questions without blocking the whole auth flow).
I'm certainly interested. > So, if you want to do a bit more complex stuff, than the management > interface will be your friend (a perl/python/php/whatever daemon > will be needed to connect to the mgmt interface and handle the > requests from the openvpn server). > > For simple tasks a static-challenge + PAM auth can be more than enough. I've come to like the auth-PAM plugin (after I fought it for a while, and won :-) ). It does async nowadays, and if it does what you need, it's easier to use than setting up "things talking to management". I haven't looked into dynamic challenges yet, but it seems I should... Selva: am I reading the source correctly, a plugin can not create a dynamic challenge? gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users