Hello,

I updated the KDE script [1] to handle these new commands.
It presents the user with a friendly list of certificates.
With some customization this can also be modified to execute
customized non-interactive authentication.

Peter, I don't understand how you currently specify the passphrase for
the token, and how you handle token remove and insert. Do you require
the user to insert the token before boot and never remove it? What
happens if the user removes his token, should he reboot? I believe that
using the management interface for automation is easy.

Alon.

[1] http://alon.barlev.googlepages.com/openvpn-kde-dialogs.pl.bz2

On 3/18/08, Alon Bar-Lev <alon.bar...@gmail.com> wrote:
> Hello,
>
>  In your case I thought of using a simple Perl script installed using
>  srvany; this script can provide the certificate and passphrase
>  automation during computer startup.
>
>  Sample Perl scripts are available at [1].
>
>  Anyway... The proper solution for Windows login is to write a RAS provider
>  that interacts with winlogon, just like Microsoft VPN. This will enable
>  the user to connect to the VPN with user interaction before login. This RAS
>  provider will be able to interact with OpenVPN via the management interface.
>
>  Alon.
>
>  [1] http://alon.barlev.googlepages.com/openvpn-pkcs11
>
>
>  On 3/18/08, Peter Koch <p...@opensc-project.org> wrote:
>  > Hi all,
>  >
>  >  If future versions of OpenVPN will not be able to
>  >  automatically select a certificate without
>  >  user interaction we will have major problems
>  >  with our home offices.
>  >
>  >  The reason is that our users use an OpenVPN
>  >  tunnel to log into our Samba domain. Hence
>  >  we MUST run OpenVPN as a service and MUST
>  >  create a connection during Windows startup.
>  >
>  >  I cannot imagine how OpenVPN could ask the
>  >  user which certificate to use if the user
>  >  has not logged on. During startup Windows
>  >  will not show the regular desktop but the
>  >  logon desktop. And no process besides the
>  >  Windows logon itself is allowed to display
>  >  anything on the logon desktop.
>  >
>  >  So please include a configuration option
>  >  that will tell OpenVPN to use the first
>  >  certificate it finds with no user interaction.
>  >  This would help us a lot. And since our
>  >  smartcards have one certificate only it does
>  >  not make much sense to ask which one to
>  >  use anyway :-)
>  >
>  >  Peter
>  >
>  >
>
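
The non-interactive handling discussed in this thread, as an added example (not the Perl scripts linked above, and not OpenVPN project code). It is in Python rather than Perl; the management-interface line formats and the `TokenResponder` / `get_pin` names are assumptions to check against management-notes.txt for the OpenVPN version in use.

```python
import re

# Assumed real-time message formats of the OpenVPN management interface.
NEED_ID = re.compile(r"^>NEED-STR:Need 'pkcs11-id-request' ")
NEED_TOKEN = re.compile(r"^>NEED-OK:Need 'token-insertion-request' ")
COUNT = re.compile(r"^>PKCS11ID-COUNT:(\d+)$")
ENTRY = re.compile(r"^>PKCS11ID-ENTRY:'\d+', ID:'([^']*)', BLOB:'[^']*'$")
PASSWORD = re.compile(r"^>PASSWORD:Need '([^']+ token)' password$")


def quote(value):
    """Double-quote a parameter, escaping backslash and double quote."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


class TokenResponder:
    """Answers PKCS#11 prompts on the management channel with no user present."""

    def __init__(self, get_pin):
        # get_pin(prompt) -> PIN; hypothetical hook, e.g. backed by an OS
        # secret store readable only by the service account.
        self.get_pin = get_pin

    def handle(self, line):
        """Return the command to send for one management line, or None."""
        line = line.rstrip("\r\n")
        if NEED_ID.match(line):
            return "pkcs11-id-count"
        m = COUNT.match(line)
        if m:
            # Fail closed: "use the first certificate" is only unambiguous
            # when the token holds exactly one.
            if int(m.group(1)) != 1:
                raise RuntimeError("expected 1 certificate, found " + m.group(1))
            return "pkcs11-id-get 0"
        m = ENTRY.match(line)
        if m:
            # Single quotes keep backslash escapes in the serialized id intact.
            return "needstr pkcs11-id-request '%s'" % m.group(1)
        if NEED_TOKEN.match(line):
            # Policy assumption: nobody can insert a token before logon, so
            # decline instead of confirming blindly; the caller retries later.
            return "needok token-insertion-request cancel"
        m = PASSWORD.match(line)
        if m:
            prompt = m.group(1)
            return "password %s %s" % (quote(prompt), quote(self.get_pin(prompt)))
        return None  # not a token prompt; leave it to other handlers
```

A service wrapper would read lines from the management socket, pass each to `handle()`, and write back any non-None result followed by a newline.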
