Hi,
On Sun, Dec 11, 2016 at 9:06 AM, debbie10t <debbie...@gmail.com> wrote:
> I think it is down to individual server admins to make this call ..
> If they have a policy which demands that passwords not be saved and
> openvpn does not have a robust method to do so, what will they do ?
>
Agreed, GUI should somehow allow an admin to disable the save password
feature.
> Is it possible to have --push "auth-nocache-override" which enables
> client --auth-nocache and cannot be filtered out ?
>
This is not required: the code already has restrictions in place so that a
limited user running an arbitrary config through interactive service is not
possible unless the admin permits them to do so. So keeping the config file
readonly for users is enough to protect --auth-nocache.
If we also make the GUI not to save passwords when --auth-nocache is
present in the config, that should be robust enough.
Selva
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
