On Thu, 5 May 2005, James Yonan wrote:

On Wed, 4 May 2005, Gerhard Wiesinger wrote:

Hello!

Attached are 2 usability patches for password authentication on Windows,
one for OpenVPN 2.0.0 and OpenVPN-GUI 1.0.

The patches provide the following functionality:
You can provide predefined usernames for password authentication,
backward compatibility is guaranteed.

It looks like the following:

Client Config looks like:
=========================
# Ask for username and password
auth-user-pass user.up

# Optionally the win32-gui switch can be set (see for combinations below)
win32-gui

user.up contains:
=================
username
password or stdin or gui (stdin and gui are reserved keywords)

When password is set, the password is taken.
When stdin or gui is set as the password the user is asked to provide the
password only (The username is not queried or is already predefined in the
GUI dialog and the focus is set to the password text field).

# Useful combinations are:
# disabled win32-gui with auth-user-pass username/gui (Best)
============================================================
OpenVPN Userauthentication Dialog (only one dialog appears) with the
following information:

Username: gerhard (predefined as from user.up!!!)
Password: Enter the password here

When a private key password is set, it is also queried.

Username is taken from user.up

# win32-gui with auth-user-pass username/stdin  (Best)
======================================================
The following dialog pops up:
Enter Auth Password for user gerhard: Enter the username here

When a private key password is set, it is also queried.

Username is taken from user.up

# win32-gui with auth-user-pass username/gui
============================================
Enter Auth Username [gerhard]: Enter the username here
Enter Auth Password: Enter the password here

When a private key password is set, it is also queried.

# Useless combinations are:
# disabled win32-gui with auth-user-pass username/stdin
=======================================================
OpenVPN is blocked, since the GUI waits for input from stdin, but nothing
useful is sent.

Server side looks like:
=======================
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login

It has been tested with MinGW compiler, Windows 2000 and Linux as a
server unpatched (2.0.0).

Please let me know whether you integrate the patches in the upcoming
OpenVPN 2.0.1 release.

Why would you want to add platform-specific GUI code to the OpenVPN core
(as the non-GUI patch does), rather than coding the GUI functionality as
a separate applet and communicating with the OpenVPN core via the
management interface?  It's a bit more work this way, but it has the
advantage of decoupling the OpenVPN core from the platform-specific GUI
elements.


I only "enhanced" the already existing patch for openvpn.

See
http://openvpn.se/development.html
http://openvpn.se/files/patches/openvpn-2.0_rc16-gui.patch
for details.

Of course a management interface is a better design, but my patch (not the original one) also works with stdin redirection without the win32-gui option, so there is no platform-specific code in there any more and could be removed. A GUI interface with platform-specific DLLs, shared objects or something might be a better solution (e.g. plugin concept).

But from a practical point of view I don't see any problems with GUI code in it, do you?

Ciao,
Gerhard
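
The user.up format described in the message above, sketched as an added example that is not part of the original post or of either patch: it reads the two lines and decides whether the password comes from the file or must be prompted for. All identifiers are hypothetical, and case-sensitive keyword matching and rejecting a missing second line are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical; none come from the OpenVPN patch. */
enum pw_source { PW_FROM_FILE, PW_ASK_STDIN, PW_ASK_GUI, PW_PARSE_ERROR };

struct up_creds {
    char username[128];
    char password[128];              /* non-empty only for PW_FROM_FILE */
};

/* Copy one line (without CR/LF) into dst; return the start of the next
 * line, or NULL if the line is empty or does not fit. */
static const char *take_line(const char *src, char *dst, size_t cap)
{
    size_t n = strcspn(src, "\r\n");
    if (n == 0 || n >= cap)
        return NULL;
    memcpy(dst, src, n);
    dst[n] = '\0';
    src += n;
    if (*src == '\r') src++;
    if (*src == '\n') src++;
    return src;
}

/* Classify the contents of a user.up file. Assumptions: keywords are
 * matched case-sensitively and a missing second line is an error. */
enum pw_source parse_up(const char *text, struct up_creds *out)
{
    const char *p;
    enum pw_source src = PW_FROM_FILE;

    memset(out, 0, sizeof *out);
    p = take_line(text, out->username, sizeof out->username);
    if (!p || !take_line(p, out->password, sizeof out->password))
        return PW_PARSE_ERROR;
    /* "stdin" and "gui" are reserved, so neither can be a stored password. */
    if (strcmp(out->password, "stdin") == 0) src = PW_ASK_STDIN;
    else if (strcmp(out->password, "gui") == 0) src = PW_ASK_GUI;
    if (src != PW_FROM_FILE)
        memset(out->password, 0, sizeof out->password);  /* keyword, not a secret */
    return src;
}

int main(void)
{
    struct up_creds c;               /* constructed sample input below */
    printf("%d\n", parse_up("gerhard\r\nstdin\r\n", &c));
    return 0;
}
```

With a keyword on the second line, only the username sits on disk and the password is entered at connect time; a literal password on that line is stored in cleartext in user.up.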
