Ralf Hildebrandt wrote:
>* Alon Bar-Lev <alon.barlev@xxxxxxxxx>:
>
>
>>Nuno Marques wrote:
>>
>>
>>>Hi,
>>>
>>>I'm giving a different certificate to each user, and all the
>>>certificates have the correct username in them, but I also need the
>>>username/password to validate the user in the Active Directory, so it
>>>can happen that one user has a certificate with common name John Doe,
>>>but when asked for user/pass to perform validation in the AD enters Robert
>>>Doe.
>>>
>>>If the Robert Doe user exists in the AD and the password entered is
>>>correct, that user will log in with an ID different from the one present in
>>>the certificate.
>>>
>>>
>
>I asked for the same, 3 weeks ago.
>The solution:
>
>auth-user-pass-verify /usr/local/scripts/ucn.pl via-env
>
>ucn.pl is attached
>
>
>
>------------------------------------------------------------------------
>
>#!/usr/bin/perl -t
>
># OpenVPN --auth-user-pass-verify script.
># Only authenticate if username equals common_name.
># In OpenVPN config file:
># auth-user-pass-verify ./ucn.pl via-env
>
>use strict;
>use warnings;
>
># OpenVPN exports the typed username and the certificate CN in the environment.
>my $username    = $ENV{'username'}    || '';
>my $common_name = $ENV{'common_name'} || '';
>
># Compare against the first dot-separated label of the CN.
>my @common_name_array = split(/\./, $common_name);
>my $cn_label = defined $common_name_array[0] ? $common_name_array[0] : '';
>
># Exit 0 (accept) only when both values are set and match; 1 (reject) otherwise.
>exit((length($username) > 0 && length($common_name) > 0 && $username eq $cn_label) ? 0 : 1);
>
># END
>
>
Hi,
thanks for the answer!
I've tested it, and $ENV{'common_name'} works even if you send the user/pass
by file (or /dev/shm), which, I think, is better security-wise.
Nuno Marques
--
Nuno Marques <nmarques@xxxxxxxxxxx>
Systems Administration, DI-FCUL
Faculdade de Ciências da Universidade de Lisboa
Campo Grande - Building C6 - Floor 3
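As an added example (not the ucn.pl from the thread), the same username-equals-CN check in Python, handling both via-env and via-file, since the reply above notes that common_name still arrives in the environment in via-file mode; the file name ucn.py and the function layout are assumptions:

```python
#!/usr/bin/env python3
"""OpenVPN --auth-user-pass-verify helper: accept a login only when the
username typed by the client equals the first label of the certificate CN.
Supports both invocation modes:
  auth-user-pass-verify ./ucn.py via-env   (username/password in env vars)
  auth-user-pass-verify ./ucn.py via-file  (temp file path in argv[1])
In both modes OpenVPN exports the certificate CN as $common_name.
Exit 0 = accept, 1 = reject (the contract for this hook)."""
import os
import sys


def cn_label(common_name):
    """First dot-separated label of the CN (the Perl script's split on '.')."""
    return common_name.split(".", 1)[0]


def username_matches_cn(username, common_name):
    """True only when both values are non-empty and the username equals the
    first CN label; an empty username or missing CN is always rejected."""
    if not username or not common_name:
        return False
    return username == cn_label(common_name)


def parse_via_file(text):
    """via-file format: line 1 is the username, line 2 the password."""
    lines = text.splitlines()
    if len(lines) < 2:
        return None, None
    return lines[0], lines[1]


def credentials(argv, env):
    """Return the username from whichever mode OpenVPN invoked us in."""
    if len(argv) > 1 and os.path.isfile(argv[1]):          # via-file
        with open(argv[1], encoding="utf-8") as fh:
            return parse_via_file(fh.read())[0]
    return env.get("username")                              # via-env


def main():
    username = credentials(sys.argv, os.environ) or ""
    common_name = os.environ.get("common_name", "")
    sys.exit(0 if username_matches_cn(username, common_name) else 1)


if __name__ == "__main__":
    main()
```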
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users