[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Re: auth-user-pass-verify security problem?

  • Subject: [Openvpn-users] Re: auth-user-pass-verify security problem?
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Mon, 13 Dec 2004 09:24:43 -0600

On Mon, 13 Dec 2004 16:15:00 +0100, Didier Conchaudron wrote:

> I was wondering why the directive auth-user-pass-verify is executed when 
> the peer connection is still untrusted? (like it's written in the man page)

How do you trust them except by verifying their credentials? The user name
and password they provide are part of their credentials, after all (or
*all* of their credentials in sites using client-cert-not-required).

Openvpn-users mailing list