[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Re: auth-user-pass-verify security problem?

  • Subject: Re: [Openvpn-users] Re: auth-user-pass-verify security problem?
  • From: Didier Conchaudron <didier@xxxxxxxxxxxxxxx>
  • Date: Mon, 13 Dec 2004 16:45:56 +0100

Charles Duffy wrote:
On Mon, 13 Dec 2004 16:15:00 +0100, Didier Conchaudron wrote:

I was wondering why the directive auth-user-pass-verify is executed when the peer connection is still untrusted? (like it's written in the man page)

How do you trust them except by verifying their credentials? The user name
and password they provide are part of their credentials, after all (or
*all* of their credentials in sites using client-cert-not-required).

I understand. But In my case I want to use this feature as a way to authenticate my users on my network after a successfull access to my vpn server. In my opinion, the certs verification via tls-verify is sufficient for vpn authentication.



Openvpn-users mailing list