git.ipfire.org Git - thirdparty/openvpn.git/commit

author	James Yonan <james@openvpn.net>
	Sat, 26 Mar 2011 21:16:40 +0000 (21:16 +0000)
committer	David Sommerseth <dazo@users.sourceforge.net>
	Tue, 26 Apr 2011 20:29:11 +0000 (22:29 +0200)
commit	0db046f253e86a3dd7583e2f7a13b21e7eba7493
tree	7b1f1cf2c832bfffd01a8714a81c2648fa570fe8	tree \| snapshot
parent	1f001994070267d9d9016f0e5f13302de31e1284	commit \| diff

Added "auth-token" client directive, which is intended to be
pushed by server, and that is used to offer a temporary session
token to clients that can be used in place of a password on
subsequent credential challenges.

This accomplishes the security benefit of preventing caching
of the real password while offering most of the advantages
of password caching, i.e. not forcing the user to re-enter
credentials for every TLS renegotiation or network hiccup.

auth-token does two things:

1. if password caching is enabled, the token replaces the
   previous password, and

2. if the management interface is active, the token is output
   to it:

     >PASSWORD:Auth-Token:<token>

Also made a minor change to HALT/RESTART processing when password
caching is enabled.  When client receives a HALT or RESTART message,
and if the message text contains a flags block (i.e. [FFF]:message),
if flag 'P' (preserve auth) is present in flags, don't purge the Auth
password.  Otherwise do purge the Auth password.

Version 2.1.3o

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7088 e7ae566f-a301-0410-adde-c780ea21d3b5

forward.c		diff \| blob \| blame \| history
init.c		diff \| blob \| blame \| history
manage.c		diff \| blob \| blame \| history
manage.h		diff \| blob \| blame \| history
misc.c		diff \| blob \| blame \| history
misc.h		diff \| blob \| blame \| history
options.c		diff \| blob \| blame \| history
push.c		diff \| blob \| blame \| history
ssl.c		diff \| blob \| blame \| history
ssl.h		diff \| blob \| blame \| history
version.m4		diff \| blob \| blame \| history