[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] invalidate username/password setting via management interface

  • Subject: Re: [Openvpn-users] invalidate username/password setting via management interface
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Mon, 14 Jan 2008 14:09:58 +0000

Wilhelm Meier wrote:
> Am Montag, 14. Januar 2008 schrieb Erich Titl:
>> Wilhelm Meier wrote:
>> ...
>>> If there are other solutions to this senario comments are
>>> appreciated ;-) (pre-shared keys are not a solution, since user
>>> authentication is required, because the openvpn-server has to
>>> distinguish between user-groups - only some are allowed to make a
>>> vpn connection).
>> Why not use certificate based authentication, It would make life so
>> much easier. The authentication is made against the access to the
>> private key and the CN is used to distinguish the users.
> The distinction must be made upon user-identities, not system 
> identities.

Certificates are not necessarily system identities, although they may be 
located on the system. Typically the ones I use are user distinctive, YMMV


OpenVPN mailing lists