James Yonan wrote:
> The best way to programmatically supply the username/password on the
> client side is to use the OpenVPN management interface.
> James

And the worst way is by using a file on a disk (which is why it is
disabled by default at compilation time). How about something in
between? Something that is perhaps also easier to use from scripts,
while still being secure in certain environments (like Windows)? The
management interface requires a TCP port, which requires extra
programming to use. It could also conflict with some firewalls (even
when used on the loopback interface). Why bother with the entire
management interface if the only thing you want is to simply insert a
username and password with reasonable security?
I'm not saying that the management interface is bad. However, a somewhat
trivial function like username/password insertion should be easier. It's
accepted that OpenVPN as a server uses the environment to pass incoming
usernames/passwords to other programs. Why can't OpenVPN also accept a
username and password from the environment?
Zep