|
|
tisdagen den 3 maj 2005 11.26 skrev David Curé: > Hi, > > I use Openvpn 2 with certificat authentification. I want to add > username/password capability. > > I add "plugin /usr/local/lib/openvpn-auth-pam.so login" in server > configuration and "auth-user-pass" in the client side. (When I start > openvpn in server side, there is now 2 processes). Note that the "login" keyword refers to /etc/pam.d/login which may have restrictions that openvpn does not confirm to (such as having an acceptable tty...) or whatever. /etc/pam.d/openvpn #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_listfile.so file=/etc/security/openvpngroup item=group sense=allow onerr=fail (no session and passwd) The /etc/security/openvpngroup contain the name of a group whose members may use the openvpn server. That line may be dropped if the restriction is not needed. system-auth uses LDAP to do its part. -- robin ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-05/msg00072.html on line 205 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-05/msg00072.html on line 205 |