[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] http-proxy auth creds from management interface


  • Subject: Re: [Openvpn-users] http-proxy auth creds from management interface
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Wed, 12 Jan 2005 21:03:42 +0100 (CET)

On Wed, 12 Jan 2005, James Yonan wrote:

Mathias Sundman <mathias@xxxxxxxxxx> said:

On Wed, 12 Jan 2005, James Yonan wrote:

Mathias Sundman <mathias@xxxxxxxxxx> said:

I just realized one more thing that would be useful to have in the management interface -- Have it prompt for http-proxy auth creds there instead of an authfile or stdin.

Try passing the string "management" as the http-proxy password filename.


I think if authfile is set to "stdin" and --management-query-passwords is used, it should use the management interface instead.

The way the code is set up right now, if the authfile is set to "management", it will always query the management interface. Setting to "stdin" only queries the management interface for a certain subnet of password types. Yes, this needs to be better documented.

Ahh, sorry, I should have tried that. I just read the manpage and saw nothing about this...

What do you mean by "Setting to "stdin" only queries the management
interface for a certain subnet of password types."?

Oops, that's a typo... I meant "subset" not "subnet".

The subset = private key password and/or auth-user-pass username/password.
The http proxy password is not included here, so you need an
explicit "management" string as the authfile.

It's probably more consise to simply use "management" rather than "stdin" in
all cases where you want to query the management interface.

I agree. My point was just that with a config written for console usage all passwords are retrieved from stdin and when a GUI is used and --management-query-passwords is appended on the cmd-line, the other password prompts are redirected to the management interface, therefor I though it would make sence if the http-proxy auth creds were redirected also.


Otherwise you have to decide when writing the config file whether it should be used with a GUI or from cmd-line. Even if most admins knows in advance how the users will use it, it is very useful for troubleshooting
to be able to run the very same config from both OpenVPN GUI and from cmd-line.


--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://www.nilings.se/openvpn    / \   NO Word docs in e-mail