From: Simon Rozman <simon@rozman.si>
Date: Wed, 11 Oct 2017 13:45:30 +0000 (+0200)
Subject: Document ">PASSWORD:Auth-Token" real-time message
X-Git-Tag: v2.5_beta1~571
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a294cd65f6c61d41e1b7584b07295aba73aeb4cb;p=thirdparty%2Fopenvpn.git

Document ">PASSWORD:Auth-Token" real-time message

Authentication tokens are security enhancement eliminating client
need to cache passwords, and are indispensable at two factor
authentication methods, such as HOTP or TOTP.

The ">PASSWORD:Auth-Token" message was not mentioned anywhere in
the OpenVPN Management Interface Notes. This patch adds a simple use
case example, while the more detailed feature description remains
explained in the OpenVPN manual.
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20171011134530.6676-1-simon@rozman.si>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15599.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/doc/management-notes.txt b/doc/management-notes.txt
index 29c3aadf2..373ab7c70 100644
--- a/doc/management-notes.txt
+++ b/doc/management-notes.txt
@@ -317,6 +317,11 @@ COMMAND -- password and username
 
     >PASSWORD:Verification Failed: 'custom server-generated string'
 
+  Example 6: If server pushes --auth-token to the client, the OpenVPN
+  will produce a real-time PASSWORD message:
+
+    >PASSWORD:Auth-Token:foobar
+
 COMMAND -- forget-passwords
 ---------------------------