
[Openvpn-users] Script to verify username/psw from a textfile


  • Subject: [Openvpn-users] Script to verify username/psw from a textfile
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Thu, 30 Dec 2004 07:23:57 +0100 (CET)

Here's the script I came up with to do --auth-user-pass verification from a simple textfile. The password textfile should hold one account per row, with the username and password separated by one or more spaces or tabs.

Lines beginning with ; or # are considered comments. The script will also log all auth attempts to a file.

This is the very first time I've used awk so comments are welcome, especially if you think there is a potential security problem.

Also keep in mind that passwords will be stored in cleartext on your server with all the security issues that come with that, so this script should only be used as a last resort in environments where you are clear about the security implications this causes.

One example where I still think this can be useful is if you have your own firewall at home and want a simple way to access your home network.

James, feel free to add it to contrib if you want, or pipe it to /dev/null if you think it's just encouraging people to use weak authentication methods...

/Mathias


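#!/bin/sh
###################################################

PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/var/log/openvpn-password.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`

###################################################

# The credentials to check are read from the environment variables
# "username" and "password".

# Refuse every login if the password file cannot be read.
if [ ! -r "${PASSFILE}" ]; then
  echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> "${LOG_FILE}"
  exit 1
fi

# Look up the stored password, skipping lines that start with ; or #.
# The username is read through ENVIRON instead of being pasted into the
# awk program text, so quotes or other characters in it cannot change the
# program. Appending "" forces a string (not numeric) comparison.
CORRECT_PASSWORD=`awk '!/^;/ && !/^#/ && ($1 "") == (ENVIRON["username"] "") {print $2; exit}' "${PASSFILE}"`

# No matching row (or a row without a password): reject.
# Note that the attempted password is written to the log in cleartext.
if [ "${CORRECT_PASSWORD}" = "" ]; then
  echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> "${LOG_FILE}"
  exit 1
fi

# Exit status 0 tells OpenVPN to accept the login.
if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
  echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> "${LOG_FILE}"
  exit 0
fi

# Anything else is a wrong password: log it and reject.
echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> "${LOG_FILE}"
exit 1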



--
_________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
NILINGS AB                        X    NO HTML/RTF in e-mail
Tel: +46-(0)8-666 32 28          / \   NO Word docs in e-mail
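
A variant of the password-file lookup in the script above, as an added example that is not part of the original post: the username reaches awk as data through ENVIRON and is compared as a string, and the checks run against a constructed password file. The function names and the sample accounts are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: function names and sample accounts are constructed.

# Print the stored password for $username (taken from the environment).
# $1 = password file. Lines starting with ; or # are comments.
# Appending "" forces string comparison, so user "7" never matches "007".
lookup_password() {
    awk '!/^[;#]/ && ($1 "") == (ENVIRON["username"] "") { print $2; exit }' "$1"
}

# Return 0 only if $username has a row and $password equals its password.
verify_user() {
    [ -n "${username}" ] && [ -r "$1" ] || return 1
    stored=`lookup_password "$1"`
    [ -n "${stored}" ] && [ "${password}" = "${stored}" ]
}

# check <file> <username> <password>: export the credentials the way the
# verify script receives them, in a subshell so nothing leaks to the caller.
check() {
    ( username=$2 password=$3; export username password; verify_user "$1" )
}

# Constructed sample password file: spaces, a tab, a numeric-looking
# username and a commented-out account.
make_sample() {
    printf '# comment line\n; another comment\n' > "$1"
    printf 'alice   wonderland\nbob\tbuilder\n007 bond\n#carol hidden\n' >> "$1"
}

demo() {
    f=`mktemp` || return 1
    make_sample "$f"
    for pair in 'alice wonderland' 'alice wrong' '7 bond' \
                'carol hidden' 'al"ice wonderland'; do
        set -- $pair
        if check "$f" "$1" "$2"; then r=accept; else r=reject; fi
        echo "username=$1 -> $r"
    done
    rm -f "$f"
}

demo
```

Only the first pair is accepted: the commented-out account, the numeric look-alike of 007 and the username containing a double quote are all rejected without awk ever parsing the username as program text.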

