diff options
author | Arne Schwabe | 2021-04-07 17:49:51 +0200 |
---|---|---|
committer | Gert Doering | 2021-04-28 14:03:55 +0200 |
commit | 28e6103096ae8ba0a4498da1625a61150a50e6c1 (patch) | |
tree | 7ffc89f75330dff9a5c39d1a42d29b1ed9b01833 /Changes.rst | |
parent | 925f0180318033f9ea7885b40b4b8200b35abbca (diff) | |
download | openvpn-28e6103096ae8ba0a4498da1625a61150a50e6c1.zip openvpn-28e6103096ae8ba0a4498da1625a61150a50e6c1.tar.gz |
Implement deferred auth for scripts
This patch also refactors the if condition that checks the result of
the authentication since that has become quite unreadable. It renames
s1/s2 and extracts some parts of the condition into individual variables
to make the condition better understandle
Patch v2: add refactoring of the if condition
Patch v4: fix documentation not mentioning method as 2nd line
Patch v5: fix deferred auth used by both plugin and script not working
Patch v6: Add missing async inotify for script deferred auth
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Tested-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210407154951.13330-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22072.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'Changes.rst')
-rw-r--r-- | Changes.rst | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/Changes.rst b/Changes.rst index 457dfc0..9185b55 100644 --- a/Changes.rst +++ b/Changes.rst @@ -30,6 +30,16 @@ TLS mode with self-signed certificates become optional. This allows for small OpenVPN setups without setting up a PKI with Easy-RSA or similar software. +Deferred auth support for scripts + The ``--auth-user-pass-verify`` script supports now deferred authentication. + +Pending auth support for plugins and scripts + Both auth plugin and script can now signal pending authentication to + the client when using deferred authentication. The new ``client-crresponse`` + script option and ``OPENVPN_PLUGIN_CLIENT_CRRESPONSE`` plugin function can + be used to parse a client response to a ``CR_TEXT`` two factor challenge. + + See ``sample/sample-scripts/totpauth.py`` for an example. Deprecated features ------------------- |