[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenBSD Auth for user-pass authentication


  • Subject: Re: [Openvpn-users] OpenBSD Auth for user-pass authentication
  • From: Waldemar Brodkorb <wbx@xxxxxxxxx>
  • Date: Sun, 28 Nov 2004 02:04:52 +0100

Hi,
uml wrote,

> Does anyone have a solution for OpenBSD for the following 2.0_beta17 server
> option?
> auth-user-pass-verify /etc/openvpn/auth-pam.pl
> 
> The 'auth-pam.pl' script doesn't work on OpenBSD from what I can tell (and
> what I've tried).  I don't mind coding something myself, but am hitting a
> dead end when it comes to locating the right resource.  Any tips anyone?

Pluggable Authentication Modules is not used in OpenBSD. Try BSD
Authentication and you will succeed.
RTFM
man authenticate
man bsd_auth
 
A small c script may look like this:
=====================================

#include <sys/param.h>
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <login_cap.h>
#include <bsd_auth.h>

int main() {

	int result;
	char *username;
	char *password;

	if(getenv("username") != NULL) {
		username = getenv("username");
	} else {
		printf("no username environmental variable set\n");
		return 1;
	}

	if(getenv("password") != NULL) {
		password = getenv("password");
	} else {
		printf("no password environmental variable set\n");
		return 1;
	}

	result = auth_userokay(username, NULL, NULL, password);
	if(result == 0) {
		printf("authentication failed");
	} else {
		return 0;
	}
	return 1;
}


I do not use this script, so please see it as an ugly example hack.
It works on my system with --auth-user-pass-verify ./bsd-auth via-env 

bye && good luck
    Waldemar

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users