> > +1. What functionality does this new mechanism add? > > Tunnelblick implements 2FA through the management interface using the > existing static and dynamic challenge-response mechanism. For a > dynamic challenge, for example. Tunnelblick gets a response from the user in > a popup window or from a user-specified script. (A script is usually > used to get the response from hardware devices.) >
It adds 2FA without reconnect dance and also the ability to do something like web based SSO authentication. But a server should not use these unless your client will announce support for them via IV_SSO variable. The v2 version of the patch will describe the IV_SSO variable too. Arne
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
