cron2 has uploaded a new patch set (#2) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/914?usp=email )
The following approvals got outdated and were removed: Code-Review+2 by flichtenheld Change subject: Improve documentation for override-username ...................................................................... Improve documentation for override-username - Mention that pushing auth-token-user only happens when OpenVPN also generates the auth-token. - mention that OpenVPN will only accept the original and overridden username from a client - suggest to use auth-token-user when a user generates the auth-token Change-Id: Ifc7443974345042ab9945d6a10e1d1b4525e5e05 Signed-off-by: Arne Schwabe <a...@rfc2549.org> Acked-by: Frank Lichtenheld <fr...@lichtenheld.com> Message-Id: <20250324135441.26725-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31210.html Signed-off-by: Gert Doering <g...@greenie.muc.de> --- M doc/man-sections/server-options.rst 1 file changed, 10 insertions(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/14/914/2 diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index e93b04d..ccc1374 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -432,7 +432,12 @@ The changed username will be picked up by the status output and also by the ``--auth-gen-token`` option. It will also be pushed to the client - using ``--auth-token-user``. + using ``--auth-token-user`` if ``--auth-gen-token`` is enabled. + + Internally on all subsequent renegotiations the client provided username + will be replaced by the username provided by ``--override-username``. + If the client changes to a username that is different from both the initial + and the overridden username, the client will be rejected. Special care should be taken that both the initial username of the client and the overridden username are handled correctly when using @@ -444,6 +449,10 @@ can be used for ``--auth-gen-token`` to allow providing a username in these scenarios. + If the ``--auth-token`` directive is pushed by another script/plugin or + management interface, consider also generating and pushing + ``--auth-token-user``. + --port-share args Share OpenVPN TCP with another service -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/914?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ifc7443974345042ab9945d6a10e1d1b4525e5e05 Gerrit-Change-Number: 914 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos <arne-open...@rfc2549.org> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-MessageType: newpatchset
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
