Hi,

On Wed, Apr 4, 2018 at 8:13 AM, David Sommerseth <dav...@openvpn.net> wrote:
> Be more explicit that --auth-gen-token is to be considered a workaround
> for authentication scripts/plug-ins not supporting --auth-token.
>
> Also be more explicit that invalidated --auth-token values will result
> in the client disconnecting.
>
> Signed-off-by: David Sommerseth <dav...@openvpn.net>

IMO, this is just muddying up the waters further. To the user it's still not
clear when the token gets invalidated and in which of those cases
the client is left in the lurch. The token gets invalidated on (i) token
expiry (a broken feature) or (ii) server restart. The client can
recover from the latter as it will get an auth-failed, but the former
causes a disconnection from the server's perspective but the client gets no
notice. So saying that "will result in the client disconnecting" is
not helpful.

A better quick fix would be to just remove the token expiry feature from
the code until a proper implementation can be devised.

Selva

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
