[systemd-devel] openvpn + auth-user-pass + password agents

Colin Guthrie gmane at colin.guthr.ie
Tue Nov 27 01:50:01 PST 2012


Hi,

Has anyone got patches to add password agent support to openvpn? I don't
see any patches in Fedora at least.

I've got a user who's reporting that they cannot enable this option in
their openvpn setup.

From what I can tell from a brief inspection it's just a matter of
hacking the get_console_input() method, although this is used to get
both username and password on occasions which the password agent stuff
doesn't really support.

It would seem like a relatively trivial thing to support (optionally
asking for username) so it seems odd to me that it's left out of the
spec when it could so simply have been included even if it wouldn't have
been used for the current use cases.

Can someone explain:
 a) If username should be added and support added to openvpn to use this
mechanism for password auth and certificate password input.
 b) If username should not be added and this is just totally insane
generally - and if so, why.


FWIW, it seems that "stdin" is used for a few things in openvpn:

 1. OK confirmation (it seems that any input from the user would do)
 2. A "response" from a challenge.
 3. A username+password combo.
 4. A pkcs11 "pin" (or the word 'cancel' which is lame but could
probably be done more gracefully with agents).


These do all seem to fall within what could be argued as valid uses for
the password agent system, albeit they are extending it somewhat.

Thoughts on how best to solve this problem greatly appreciated.

Col

-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/


