Message ID | 20200326172332.2356-3-arne@rfc2549.org |
---|---|
State | Accepted |
Series | [Openvpn-devel,1/3,Auth-token] Fix session id and initial timestamp not begin preserved |
On Thu, Mar 26, 2020 at 18:23:32 +0100, Arne Schwabe wrote:
> diff --git a/doc/openvpn.8 b/doc/openvpn.8 > index 864f94e8..f890e7a2 100644 > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -3741,6 +3741,12 @@ argument defines how long the generated token is valid. The > lifetime is defined in seconds. If lifetime is not set > or it is set to 0, the token will never expire. > > +The token will expire either after the lifetime of the token or after > +not being renewed for 2 * > +.B reneg\-sec > +seconds. Clients are being send renewed tokens on every

s/send/sent/

(Would something like "Clients should normally be sent" or "During normal operation, clients will be sent" be a clearer explanation of the topic?)

Nathan

----------------------------------------------------------------------------
Nathan Stratton Treadway - nathanst@ontko.com - Mid-Atlantic region
Ray Ontko & Co. - Software consulting services - http://www.ontko.com/
GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239
Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239

Acked-by: Gert Doering <gert@greenie.muc.de>

Documentation is good. I have followed the advice from Nathan Stratton Treadway and looked a bit into the wording, and added some text that I feel explains the process and reasoning better (based on how you explained it to me). I hope it's ok.

Your patch has been applied to the master branch.

commit b0c94aff299fcec607d6a0194c4cdea8a33dd353
Author: Arne Schwabe
Date: Thu Mar 26 18:23:32 2020 +0100

Document reneweal mechanic of auth-token in manual

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200326172332.2356-3-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19620.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering

diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 864f94e8..f890e7a2 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -3741,6 +3741,12 @@ argument defines how long the generated token is valid. The lifetime is defined in seconds. If lifetime is not set or it is set to 0, the token will never expire. +The token will expire either after the lifetime of the token or after +not being renewed for 2 * +.B reneg\-sec +seconds. Clients are being send renewed tokens on every +TLS renogiation to keep the client's token updated. + This feature is useful for environments which is configured to use One Time Passwords (OTP) as part of the user/password authentications and that authentication mechanism does not
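
Review bot: The added paragraph says the token expires after not being renewed for 2 * reneg-sec seconds, but the unchanged sentence directly above it still says that with the lifetime unset or set to 0 "the token will never expire". The manual should state whether the renewal timeout still applies in that case, because an operator deciding how long an unused token stays valid will read the two sentences together. It would also help to say whose reneg-sec value is meant, since the text only names the option. In the same added lines, "Clients are being send" should read "Clients are sent" and "renogiation" should read "renegotiation".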