author: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2009-09-29 23:10:14 +0000
committer: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2009-09-29 23:10:14 +0000
commit: 5733ef668ff51d7a553fb5bc76a1c4ff00352e27
tree: 25a355111e3442d04c35136456eaf741ac96f6e1 /management/management-notes.txt
parent: 8e952ed1977eee75cecdf2a580f07a2c6da622a4
Added the ability for the server to provide a custom reason string
when an AUTH_FAILED message is returned to the client. This string can be set by the server-side management interface and read by the client-side management interface. For more info, see management/management-notes.txt, and look for references to "client-reason-text".

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5012 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'management/management-notes.txt')
-rw-r--r-- management/management-notes.txt 11
1 files changed, 10 insertions, 1 deletions
diff --git a/management/management-notes.txt b/management/management-notes.txt
index 45bfda4..1f4cbd0 100644
--- a/management/management-notes.txt
+++ b/management/management-notes.txt
@@ -308,6 +308,12 @@ COMMAND -- password and username
>PASSWORD:Verification Failed: 'Auth'
+ Example 5: The --auth-user-pass username/password failed,
+ and the server provided a custom client-reason-text string
+ using the client-deny server-side management interface command.
+
+ >PASSWORD:Verification Failed: 'custom server-generated string'
+
COMMAND -- forget-passwords
---------------------------
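Review bot: Example 5 puts the server-supplied text in the same single-quoted position that the unchanged line above uses for the credential type (`>PASSWORD:Verification Failed: 'Auth'`), so a management client cannot tell from the notification alone which of the two it is reading. Please state in the example how the client distinguishes them, and whether quote or newline characters in the server string are escaped or rejected before it is emitted, since the string originates on the remote side and ends up inside a quoted field of a single-line notification that frontends parse and display.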
@@ -535,7 +541,7 @@ COMMAND -- client-deny (OpenVPN 2.1 or higher)
Deny a ">CLIENT:CONNECT" or ">CLIENT:REAUTH" request.
- client-deny {CID} {KID} "reason-text"
+ client-deny {CID} {KID} "reason-text" ["client-reason-text"]
CID,KID -- client ID and Key ID. See documentation for ">CLIENT:"
notification for more info.
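Review bot: The new optional argument in `client-deny {CID} {KID} "reason-text" ["client-reason-text"]` is documented only by the bracket notation, and nothing here says what the client receives when it is omitted. Suggest adding one sentence that gives the default behaviour, and noting that the argument is positional, so "reason-text" has to be supplied in order to set it. The section header still reads "(OpenVPN 2.1 or higher)"; if the fourth argument is accepted from a later release than the command itself, say which.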
@@ -544,6 +550,9 @@ reason-text: a human-readable message explaining why the authentication
request was denied. This message will be output to the OpenVPN log
file or syslog.
+client-reason-text: a message that will be sent to the client as
+part of the AUTH_FAILED message.
+
Note that client-deny denies a specific Key ID (pertaining to a
TLS renegotiation). A client-deny command issued in response to
an initial TLS key negotiation (notified by ">CLIENT:CONNECT") will
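Review bot: The added definition of client-reason-text leaves out the contrast an operator needs: reason-text, per the unchanged lines just above it, goes to the OpenVPN log file or syslog, while this string leaves the server inside the AUTH_FAILED message and reaches a peer whose authentication was just denied. Suggest stating that explicitly and advising that it contain only what the end user is meant to see, with diagnostic detail kept in reason-text. The definition also gives no maximum length or permitted character set; document both, or point to where they are enforced.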