[Openvpn-devel,3/3,auth-token] Document renewal mechanic of auth-token in manual

Message ID 20200326172332.2356-3-arne@rfc2549.org
State Accepted
Series
  • [Openvpn-devel,1/3,Auth-token] Fix session id and initial timestamp not being preserved

Commit Message

Arne Schwabe March 26, 2020, 5:23 p.m.
Our man page was missing the information that the lifetime of the
auth-token also depends on the reneg-sec.
---
 doc/openvpn.8 | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Nathan Stratton Treadway March 26, 2020, 7:17 p.m. | #1
On Thu, Mar 26, 2020 at 18:23:32 +0100, Arne Schwabe wrote:
> diff --git a/doc/openvpn.8 b/doc/openvpn.8
> index 864f94e8..f890e7a2 100644
> --- a/doc/openvpn.8
> +++ b/doc/openvpn.8
> @@ -3741,6 +3741,12 @@ argument defines how long the generated token is valid.  The
>  lifetime is defined in seconds.  If lifetime is not set
>  or it is set to 0, the token will never expire.
>  
> +The token will expire either after the lifetime of the token or after
> +not being renewed for 2 *
> +.B reneg\-sec
> +seconds. Clients are being send renewed tokens on every

s/send/sent/

(Would something like "Clients should normally be sent" or "During normal
operation, clients will be sent" be a clearer explanation of the topic?)

							Nathan

----------------------------------------------------------------------------
Nathan Stratton Treadway  -  nathanst@ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239
Gert Doering May 11, 2020, 7:10 p.m. | #2
Acked-by: Gert Doering <gert@greenie.muc.de>

Documentation is good.

I have followed the advice from Nathan Stratton Treadway and looked a bit
into the wording, and added some text that I feel explains the process
and reasoning better (based on how you explained it to me).  I hope it's
ok.

Your patch has been applied to the master branch.

commit b0c94aff299fcec607d6a0194c4cdea8a33dd353
Author: Arne Schwabe
Date:   Thu Mar 26 18:23:32 2020 +0100

     Document renewal mechanic of auth-token in manual

     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20200326172332.2356-3-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19620.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 864f94e8..f890e7a2 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -3741,6 +3741,12 @@  argument defines how long the generated token is valid.  The
 lifetime is defined in seconds.  If lifetime is not set
 or it is set to 0, the token will never expire.
 
+The token will expire either after the lifetime of the token or after
+not being renewed for 2 *
+.B reneg\-sec
+seconds. Clients are being send renewed tokens on every
+TLS renogiation to keep the client's token updated.
+
 This feature is useful for environments which is configured
 to use One Time Passwords (OTP) as part of the user/password
 authentications and that authentication mechanism does not
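
Review bot: the added sentence "The token will expire either after the lifetime of the token or after not being renewed for 2 * reneg-sec seconds" sits directly under the unchanged context line "If lifetime is not set or it is set to 0, the token will never expire", and the two now read as contradictory. State explicitly whether the 2 * reneg-sec limit still applies when lifetime is unset or 0, and that the token expires at whichever limit is reached first, so an operator does not assume an unlimited validity window from the older sentence. Two wording fixes in the same added lines: "Clients are being send" should read "Clients are sent" (already raised in comment #1), and "renogiation" should be "renegotiation".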