From patchwork Wed Oct 11 02:45:30 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Rozman X-Patchwork-Id: 27 X-Patchwork-Delegate: davids@openvpn.net Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director1.mail.ord1d.rsapps.net ([172.30.157.6]) by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id 8aTYALwg3lnSAgAAgoeIoA for ; Wed, 11 Oct 2017 09:46:36 -0400 Received: from director6.mail.ord1c.rsapps.net ([172.28.140.6]) by director1.mail.ord1d.rsapps.net (Dovecot) with LMTP id +TZ7ALwg3lkHbAAANGzteQ ; Wed, 11 Oct 2017 09:46:36 -0400 Received: from smtp43.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by director6.mail.ord1c.rsapps.net (Dovecot) with LMTP id 9gf5OZEg3lkjLgAA5akwjA ; Wed, 11 Oct 2017 09:46:36 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-298-999-1211-w 0-298-999-1575-w 0-298-0-8402-f X-CMAE-Scan-Result: 0 X-CNFS-Analysis: v=2.2 cv=G8ReKJs5 c=1 sm=1 tr=0 a=Q8DxjiC8O3VT/NpP1XjEZQ==:117 a=Q8DxjiC8O3VT/NpP1XjEZQ==:17 a=kj9zAlcOel0A:10 a=02M-m0pO-4AA:10 a=WiVod9pSvdkA:10 a=9sSjY8p1AAAA:8 a=P_JWiMecAAAA:8 a=FP58Ms26AAAA:8 a=1BG8agVzZVx8kYdySq8A:9 a=CjuIK1q_8ugA:10 a=-FEs8UIgK8oA:10 a=NWVoK91CQyQA:10 a=ub54wNWiXv_DzeFsgEJW:22 a=D0-HAvA3Hk9NMREbgwuX:22 X-Orig-To: justin@openvpn.net X-Originating-Ip: [216.34.181.88] Authentication-Results: smtp43.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.34.181.88"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=rozman.si; dmarc=fail (p=none; dis=none) header.from=rozman.si X-Classification-ID: 9812ff6a-ae8a-11e7-9b44-bc305befc478-1-1 Received: from [216.34.181.88] ([216.34.181.88:56380] helo=lists.sourceforge.net) by smtp43.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 8E/C7-35377-9B02ED95; Wed, 11 Oct 2017 09:46:33 -0400 Received: from localhost ([127.0.0.1] helo=sfs-ml-1.v29.ch3.sourceforge.com) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.89) (envelope-from ) id 1e2HKl-0000xF-JM; Wed, 11 Oct 2017 13:46:05 +0000 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.89) (envelope-from ) id 1e2HKj-0000we-Sa for openvpn-devel@lists.sourceforge.net; Wed, 11 Oct 2017 13:46:01 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Message-Id:Date:Subject:Cc:To:From; bh=2B1Muqdc36tZZj+u5aakuv0T6FCMNpy3FdCYItRLn4Y=; b=VobHMMuAEJcWxHNqsPsD8fcITcgbFm7+hW35ulIg7MPODpnqI1kV2rVK0199wF9Hg0uyhYd4ZtcNxwY9DmK2E3CXrChykV0bdhDeVtqY/B5y8kXSrOx5kSiNNgvljoAftKzQe7y3T3unNu5r6Wg1joWcEBdSeC57dbyWtFdPz6E=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x; h=Message-Id:Date:Subject:Cc:To:From; bh=2B1Muqdc36tZZj+u5aakuv0T6FCMNpy3FdCYItRLn4Y=; b=OimePFD85IaVVQgPxJC9ofMHanBwibwT5oLdZ+x+NzsRJ8XHFeE3o67g50NvJaSI1B+ApZbg+GpuIXvowJMT48pohpS3e5wpEwe61SjBTFys1tAf0dmgj1RomiilIedMVDT66/YyvCgx4pTfcgxZOSUsLLCygIdDM4TzEOcW5oU=; Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of rozman.si designates 89.212.80.145 as permitted sender) client-ip=89.212.80.145; envelope-from=simon@rozman.si; helo=amebis01.amebis.si; Received: from amebis01.amebis.si ([89.212.80.145]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1e2HKg-0003l3-58 for openvpn-devel@lists.sourceforge.net; Wed, 11 Oct 2017 13:46:01 +0000 Received: from SR5.amebis.doma (unknown [192.168.100.253]) by amebis01.amebis.si (Postfix) with ESMTP id D7B67407BD; Wed, 11 Oct 2017 15:45:47 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=rozman.si; s=default; t=1507729548; bh=1XVf4tUMwKlf3TCLBe9TPBYcOaG9sOBPGjD/nIFoy/k=; h=From:To:Cc:Subject:Date:Message-Id; b=ZfxhkdCdioamj7Z6cYkwx64mK7Qmg9x6lWz7nCdSy90XHq7OVxqyZbmrZ/g0lIUea 609B6l0+kA2Onblms1+buLEEIcqLq67aDqKQmD4ozfskZZKHr2SPdJErjVrvu9/lV1 4ukVoXR0tDiLoePyPahU2uJN48VE8JrOLguLUINw= From: simon@rozman.si To: openvpn-devel@lists.sourceforge.net Date: Wed, 11 Oct 2017 15:45:30 +0200 Message-Id: <20171011134530.6676-1-simon@rozman.si> X-Mailer: git-send-email 2.9.0.windows.1 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [89.212.80.145 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1e2HKg-0003l3-58 Subject: [Openvpn-devel] [PATCH] Document ">PASSWORD:Auth-Token" real-time message X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Simon Rozman Authentication tokens are security enhancement eliminating client need to cache passwords, and are indispensable at two factor authentication methods, such as HOTP or TOTP. The ">PASSWORD:Auth-Token" message was not mentioned anywhere in the OpenVPN Management Interface Notes. This patch adds a simple use case example, while the more detailed feature description remains explained in the OpenVPN manual. --- doc/management-notes.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/management-notes.txt b/doc/management-notes.txt index 0e7a7d4..c31ff5c 100644 --- a/doc/management-notes.txt +++ b/doc/management-notes.txt @@ -317,6 +317,13 @@ COMMAND -- password and username >PASSWORD:Verification Failed: 'custom server-generated string' + Example 6: If server pushes --auth-token to the client, the OpenVPN + will produce a real-time PASSWORD message: + + >PASSWORD:Auth-Token:foobar + + The client should replace the local password with the "foobar". + COMMAND -- forget-passwords ---------------------------