Document ">PASSWORD:Auth-Token" real-time message

Authentication tokens are security enhancement eliminating client
need to cache passwords, and are indispensable at two factor
authentication methods, such as HOTP or TOTP.

The ">PASSWORD:Auth-Token" message was not mentioned anywhere in
the OpenVPN Management Interface Notes. This patch adds a simple use
case example, while the more detailed feature description remains
explained in the OpenVPN manual.
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20171011134530.6676-1-simon@rozman.si>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15599.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a294cd65f6c61d41e1b7584b07295aba73aeb4cb)

diff --git a/doc/management-notes.txt b/doc/management-notes.txt
index 29c3aadf2ab069ddd692aac46198b72fcc908196..373ab7c70183f3703055e164bbdb4bafb5cb8122 100644 (file)
--- a/doc/management-notes.txt
+++ b/doc/management-notes.txt
@@ -317,6 +317,11 @@ COMMAND -- password and username
 
     >PASSWORD:Verification Failed: 'custom server-generated string'
 
+  Example 6: If server pushes --auth-token to the client, the OpenVPN
+  will produce a real-time PASSWORD message:
+
+    >PASSWORD:Auth-Token:foobar
+
 COMMAND -- forget-passwords
 ---------------------------