() In openvpn, each individual client gets a private key or a private
() certificate.  If that key or cert were acquired by anyone other than the
() intended end user, it would be possible for someone unauthorized to get in.
() 
() Basically, this is a one-stage authentication, and I don't think openvpn
() supports two or more.

It does.  From the 2.0.9 man page:

--auth-user-pass-verify script method
       Require  the  client to provide a username/password
       (possibly in addition to a client certificate)  for
       authentication.

Additionally, in the client config you need a line
    auth-user-pass
so the client knows it has to ask the user for a password.
This requires the clients to have something (the cert) and
to know something (the password).

    Ciao, Lobo

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
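
As an added illustration (not part of the original message or of OpenVPN itself), here is one way a script for the --auth-user-pass-verify option quoted above could check the password. It assumes the via-file method, a hypothetical install path /etc/openvpn/verify.py, and a constructed in-script user store.

```python
#!/usr/bin/env python3
"""Hypothetical verify script, referenced from the server config as:
    auth-user-pass-verify /etc/openvpn/verify.py via-file
With via-file, OpenVPN passes the path of a temporary file holding the
username on line 1 and the password on line 2. Exit 0 accepts, non-zero rejects."""
import hashlib
import hmac
import sys

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value, tune for your hardware)

def hash_password(password: str, salt: bytes) -> str:
    """Salted PBKDF2-HMAC-SHA256, hex encoded."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

# Constructed sample store: username -> (salt, hash). A real deployment would
# read a root-only file or defer to PAM/LDAP/RADIUS instead.
USERS = {"alice": (b"constructed-salt", hash_password("correct horse", b"constructed-salt"))}
# Dummy entry so unknown usernames cost the same hashing work as known ones.
DUMMY = (b"dummy-salt", hash_password("dummy", b"dummy-salt"))

def check_credentials(username: str, password: str) -> bool:
    known = username in USERS
    salt, expected = USERS.get(username, DUMMY)
    # Constant-time comparison avoids leaking how many characters matched.
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    return known and matches

def verify_file(path: str) -> bool:
    """Parse the two-line credential file; any malformed input is a rejection."""
    try:
        with open(path, encoding="utf-8") as fh:
            lines = fh.read().split("\n")
    except (OSError, UnicodeDecodeError):
        return False
    if len(lines) < 2 or not lines[0] or not lines[1]:
        return False
    return check_credentials(lines[0], lines[1])

if __name__ == "__main__":
    ok = len(sys.argv) == 2 and verify_file(sys.argv[1])
    sys.exit(0 if ok else 1)
```

Every failure path (missing file, missing password line, unknown user) ends in a non-zero exit, so a broken script rejects logins rather than letting them through.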
