aboutsummaryrefslogtreecommitdiff
path: root/init.h
diff options
context:
space:
mode:
authorJames Yonan <james@openvpn.net>2011-03-26 21:16:40 +0000
committerDavid Sommerseth <dazo@users.sourceforge.net>2011-04-26 22:29:11 +0200
commit0db046f253e86a3dd7583e2f7a13b21e7eba7493 (patch)
tree7b1f1cf2c832bfffd01a8714a81c2648fa570fe8 /init.h
parentwin/sign.py now accepts an optional tap-dir argument. (diff)
downloadopenvpn-0db046f253e86a3dd7583e2f7a13b21e7eba7493.tar.xz
Added "auth-token" client directive, which is intended to be
pushed by server, and that is used to offer a temporary session token to clients that can be used in place of a password on subsequent credential challenges. This accomplishes the security benefit of preventing caching of the real password while offering most of the advantages of password caching, i.e. not forcing the user to re-enter credentials for every TLS renegotiation or network hiccup. auth-token does two things: 1. if password caching is enabled, the token replaces the previous password, and 2. if the management interface is active, the token is output to it: >PASSWORD:Auth-Token:<token> Also made a minor change to HALT/RESTART processing when password caching is enabled. When client receives a HALT or RESTART message, and if the message text contains a flags block (i.e. [FFF]:message), if flag 'P' (preserve auth) is present in flags, don't purge the Auth password. Otherwise do purge the Auth password. Version 2.1.3o git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'init.h')
0 files changed, 0 insertions, 0 deletions