From patchwork Thu Mar 26 06:23:32 2020
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1053
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 26 Mar 2020 18:23:32 +0100
Message-Id: <20200326172332.2356-3-arne@rfc2549.org>
In-Reply-To: <20200326172332.2356-1-arne@rfc2549.org>
References: <20200326172332.2356-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 3/3] [auth-token] Document renewal mechanic of auth-token in manual

Our man page was missing the information that the lifetime of the auth-token also depends on the reneg-sec.

Acked-by: Gert Doering
--- doc/openvpn.8 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 864f94e8..f890e7a2 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8
@@ -3741,6 +3741,12 @@ argument defines how long the generated token is valid. The lifetime is defined in seconds. If lifetime is not set or it is set to 0, the token will never expire. +The token will expire either after the lifetime of the token or after +not being renewed for 2 * +.B reneg\-sec +seconds. Clients are being send renewed tokens on every +TLS renogiation to keep the client's token updated. + This feature is useful for environments which is configured to use One Time Passwords (OTP) as part of the user/password authentications and that authentication mechanism does not
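
Review bot: In the added paragraph, the new expiry rule lands directly after the context sentence "If lifetime is not set or it is set to 0, the token will never expire", so the man page now says both that such a token never expires and that it expires after not being renewed for 2 * reneg-sec seconds. State explicitly whether the 2 * reneg-sec limit still applies when lifetime is 0 or unset, and that the token expires on whichever of the two conditions is met first, since "either ... or" leaves that open. The same added lines carry two typos worth fixing before merge: "Clients are being send renewed tokens" should read "Clients are sent renewed tokens", and "TLS renogiation" should read "TLS renegotiation".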