Hi,

On 11/06/2021 11:48, Arne Schwabe wrote:
> On 11.06.21 at 02:41, Antonio Quartulli wrote:
>> Hi,
>>
>> On 20/05/2021 17:11, Arne Schwabe wrote:
>>> When not using username and password (i.e. auth-user-pass) it can still make
>>> sense to provide the client with an auth-token, e.g. for allowing a session to
>>> continue after a reconnect without requiring 2FA again.
>>>
>>> However, without --auth-user-pass openvpn does not have a username and will
>>> ignore any pushed auth-token command.
>>>
>>> This patch adds support for auth-token-user to set the username that should
>>> be used for auth-token
>>>
>>> The spec of using auth-token-user base64-encoded-user are the ones that
>>> OpenVPN3 already implements.
>>>
>>> Patch V2: Improve style, fix comments and commit message
>>>
>>> Signed-off-by: Arne Schwabe <a...@rfc2549.org>
>>
>> This patch hasn't changed since the last time it was on the mailing list
>> (and I acked it), so the same goes for this copy.
>>
>> @Arne I have a new question though: what is expected to happen if
>> --auth-token-user is specified in the global config?
>>
>> Is the same user supposed to be used with every client?
>> Or is it just ignored?
>>
>> I am testing this case and I don't see the user being pushed to the client.
>>
> 
> It is probably the same as with auth-token itself. OpenVPN will pick it
> up and use it but most times it is not very useful as auth-token should
> be pushed from the server. It is an artefact from how we parse things.
> 

Makes sense - it is just interpreted locally, but there is not much sense.

This said, the rest looks good.

Acked-by: Antonio Quartulli <anto...@openvpn.net>



-- 
Antonio Quartulli


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
