[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] OpenBSD Auth for user-pass authentication

  • Subject: Re: [Openvpn-users] OpenBSD Auth for user-pass authentication
  • From: Waldemar Brodkorb <wbx@xxxxxxxxx>
  • Date: Sun, 28 Nov 2004 02:04:52 +0100

uml wrote,

> Does anyone have a solution for OpenBSD for the following 2.0_beta17 server
> option?
> auth-user-pass-verify /etc/openvpn/auth-pam.pl
> The 'auth-pam.pl' script doesn't work on OpenBSD from what I can tell (and
> what I've tried).  I don't mind coding something myself, but am hitting a
> dead end when it comes to locating the right resource.  Any tips anyone?

Pluggable Authentication Modules is not used in OpenBSD. Try BSD
Authentication and you will succeed.
man authenticate
man bsd_auth
A small c script may look like this:

#include <sys/param.h>
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <login_cap.h>
#include <bsd_auth.h>

int main() {

	int result;
	char *username;
	char *password;

	if(getenv("username") != NULL) {
		username = getenv("username");
	} else {
		printf("no username environmental variable set\n");
		return 1;

	if(getenv("password") != NULL) {
		password = getenv("password");
	} else {
		printf("no password environmental variable set\n");
		return 1;

	result = auth_userokay(username, NULL, NULL, password);
	if(result == 0) {
		printf("authentication failed");
	} else {
		return 0;
	return 1;

I do not use this script, so please see it as an ugly example hack.
It works on my system with --auth-user-pass-verify ./bsd-auth via-env 

bye && good luck

Openvpn-users mailing list