Skip to main content

Tutorial: How to Install a Post-auth Script

Abstract

Access Server supports a programming hook called post-authentication. You can use a custom Python script for post-auth functionality.

Overview

Access Server's post-auth programming hook allows you to extend Access Server's possibilities for authenticating against a source of credentials. This tutorial shows you how to install one.

Prerequisites

  • An installed Access Server.

  • A good understanding of Python.

Step 1: Install the post-auth script

  1. Download or create the script.

  2. Modify the script as needed for your configuration.

  3. Save it somewhere on your Access Server's file system.

  4. Install it on Access Server (connected to the console with root privileges):

    cd /usr/local/openvpn_as/scripts
./sacli --key "auth.module.post_auth_script" --value_file="<POST_AUTH_SCRIPT_PATH_AND_FILENAME>"1 ConfigPut
./sacli start

    1

    Replace <POST_AUTH_SCRIPT_PATH_AND_FILENAME> with the full path and filename where you saved the post-auth script.

Tip

We recommend keeping a copy of the script for any needed updates. It’s complicated to change it in Access Server’s configuration database, so we recommend editing the original file and loading it again with the above command.

In this section:
See also: