From 5733ef668ff51d7a553fb5bc76a1c4ff00352e27 Mon Sep 17 00:00:00 2001 From: james Date: Tue, 29 Sep 2009 23:10:14 +0000 Subject: Added the ability for the server to provide a custom reason string when an AUTH_FAILED message is returned to the client. This string can be set by the server-side managment interface and read by the client-side management interface. For more info, see management/management-notes.txt, and look for references to "client-reason-text". git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5012 e7ae566f-a301-0410-adde-c780ea21d3b5 --- management/management-notes.txt | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'management/management-notes.txt') diff --git a/management/management-notes.txt b/management/management-notes.txt index 45bfda4..1f4cbd0 100644 --- a/management/management-notes.txt +++ b/management/management-notes.txt @@ -308,6 +308,12 @@ COMMAND -- password and username >PASSWORD:Verification Failed: 'Auth' + Example 5: The --auth-user-pass username/password failed, + and the server provided a custom client-reason-text string + using the client-deny server-side management interface command. + + >PASSWORD:Verification Failed: 'custom server-generated string' + COMMAND -- forget-passwords --------------------------- @@ -535,7 +541,7 @@ COMMAND -- client-deny (OpenVPN 2.1 or higher) Deny a ">CLIENT:CONNECT" or ">CLIENT:REAUTH" request. - client-deny {CID} {KID} "reason-text" + client-deny {CID} {KID} "reason-text" ["client-reason-text"] CID,KID -- client ID and Key ID. See documentation for ">CLIENT:" notification for more info. @@ -544,6 +550,9 @@ reason-text: a human-readable message explaining why the authentication request was denied. This message will be output to the OpenVPN log file or syslog. +client-reason-text: a message that will be sent to the client as +part of the AUTH_FAILED message. + Note that client-deny denies a specific Key ID (pertaining to a TLS renegotiation). A client-deny command issued in response to an initial TLS key negotiation (notified by ">CLIENT:CONNECT") will -- cgit v1.2.3