[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] http-proxy auth creds from management interface


  • Subject: Re: [Openvpn-users] http-proxy auth creds from management interface
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Wed, 12 Jan 2005 17:34:40 -0700 (MST)


On Wed, 12 Jan 2005, Mathias Sundman wrote:

> On Wed, 12 Jan 2005, James Yonan wrote:
> 
> > Mathias Sundman <mathias@xxxxxxxxxx> said:
> >
> >> On Wed, 12 Jan 2005, James Yonan wrote:
> >>
> >>> Mathias Sundman <mathias@xxxxxxxxxx> said:
> >>>
> >>>> I just realized one more thing that would be useful to have in the 
> >>>> management interface -- Have it prompt for http-proxy auth creds 
> >>>> there instead of an authfile or stdin.
> >>>
> >>> Try passing the string "management" as the http-proxy password 
> >>> filename.
> >>>
> >>>> I think if authfile is set to "stdin" and 
> >>>> --management-query-passwords is used, it should use the management 
> >>>> interface instead.
> >>>
> >>> The way the code is set up right now, if the authfile is set to 
> >>> "management", it will always query the management interface.  Setting 
> >>> to "stdin" only queries the management interface for a certain subnet 
> >>> of password types.  Yes, this needs to be better documented.
> >>
> >> Ahh, sorry, I should have tried that. I just read the
> >> manpage and saw nothing about this...
> >>
> >> What do you mean by "Setting to "stdin" only queries the management
> >> interface for a certain subnet of password types."?
> >
> > Oops, that's a typo... I meant "subset" not "subnet".
> >
> > The subset = private key password and/or auth-user-pass username/password.
> > The http proxy password is not included here, so you need an
> > explicit "management" string as the authfile.
> >
> > It's probably more consise to simply use "management" rather than "stdin" in
> > all cases where you want to query the management interface.
> 
> I agree. My point was just that with a config written for console usage 
> all passwords are retrieved from stdin and when a GUI is used and 
> --management-query-passwords is appended on the cmd-line, the other 
> password prompts are redirected to the management interface, therefor I 
> though it would make sence if the http-proxy auth creds were redirected 
> also.
> 
> Otherwise you have to decide when writing the config file whether it 
> should be used with a GUI or from cmd-line. Even if most admins knows in 
> advance how the users will use it, it is very useful for troubleshooting
> to be able to run the very same config from both OpenVPN GUI and from 
> cmd-line.

I would tend to agree.  It's actually a trivial change to make 
--http-proxy query the management interface when authfile == "stdin".

James



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users