On Sun, Dec 11, 2016 at 9:50 PM, Jonathan K. Bullard <jkbull...@gmail.com>
wrote:
But seeing this thread, I am considering having Tunnelblick block
> saving/retrieving of the username or password if --auth-nocache is
> specified in the configuration file. That should make it easier for
> admins because they wouldn't have to set the Tunnelblick preferences.
> I would probably keep the existing mechanism so an admin could allow
> __OpenVPN__ to cache the username/password but not allow the __user__
> to store them.
>
What I've in mind for Windows GUI is to just interpret --auth-nocache to
mean do not save passwords. But if you already have an option to disable it
independently, makes sense to keep it and add this in addition to it.
Question: Can --auth-nocache be pushed by the server
> If so, is there some way that the management interface specifies that
> --auth-nocache is active when asking for a username/password?
No it cannot be pushed.
If it ever becomes pushable, we should add a don't-cache (and/or
don't-save) hint to the password prompt. Similar to how challenge response
echo directive could be embedded in the prompt. The alternate of parsing
the log for pushed options would be a major pain.. Such a hint or directive
in the prompt is something I would like to have even otherwise.
Selva
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
