On Tuesday, January 9th, 2024 at 4:25 PM, Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Tue, Jan 09, 2024 at 11:33:22AM +0000, Peter Davis wrote:
>
> > > What do you mean by "revoke the key of one department"? This question does
> > > not make much sense, since there is no per-department key, if you do not
> > > have per-department servers.
> >
> > In your company, you have 3 departments. One is the IT department,
> > the other is the management department, and the last one is the
> > supervision department. An employee in the supervision department
> > shares a key with someone outside the company, and you want to block
> > access to the server through that key. You must revoke the certificate
> > of the supervision department. If each department has its own key,
> > then this does not affect other departments.
> >
> Textbook, X.509, please.
>
> Departments have no keys/certs. Users have keys/certs. So if a user
> key is lost, you revoke that user key.
>
> Why would you revoke the whole access for the department?
>
> gert
>
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh Mistress
>
> Gert Doering - Munich, Germany g...@greenie.muc.de

Hi,

Thanks again.

True, but I don't want to create a key for each employee in the department.

About auth-user-pass I have two options. One is to create a username and password on the OpenVPN server (Linux), and the other is to connect OpenVPN to Active Directory so that users can be authenticated through it. I have two questions:

1- Which one is better?

2- The Active Directory server is located inside the company, and if users want to connect to the OpenVPN server from outside the company, then how is authentication done?

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users