From: Selva Nair Date: Sun, 27 Sep 2020 18:46:00 +0000 (-0400) Subject: Improve documentation of --username-as-common-name X-Git-Tag: v2.5_rc2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9f5b4a307ddd59dd9eddcc869d05cc89dffbeb5;p=thirdparty%2Fopenvpn.git Improve documentation of --username-as-common-name Trac #1079 Signed-off-by: Selva Nair Acked-by: David Sommerseth Message-Id: <1601232360-14096-1-git-send-email-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21098.html Signed-off-by: Gert Doering (cherry picked from commit 66ad8727935a371e237a5bada142c9f5f467c3f8) --- diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index c0b22a534..5a689452c 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -668,9 +668,15 @@ fast hardware. SSL/TLS authentication must be used in this mode. ``--max-routes-per-client`` --username-as-common-name - For ``--auth-user-pass-verify`` authentication, use the authenticated - username as the common name, rather than the common name from the client - cert. + Use the authenticated username as the common-name, rather than the + common-name from the client certificate. Requires that some form of + ``--auth-user-pass`` verification is in effect. As the replacement happens + after ``--auth-user-pass`` verification, the verification script or + plugin will still receive the common-name from the certificate. + + The common_name environment variable passed to scripts and plugins invoked + after authentication (e.g, client-connect script) and file names parsed in + client-config directory will match the username. --verify-client-cert mode Specify whether the client is required to supply a valid certificate.
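Review bot: In the first added paragraph, "some form of ``--auth-user-pass`` verification" names a different option from the removed text, which referred to ``--auth-user-pass-verify``. Since the following sentence speaks of a "verification script or plugin", wording such as "``--auth-user-pass-verify`` or an authentication plugin" would make clear which server-side mechanisms satisfy the requirement. In the second added paragraph, "e.g," should read "e.g.,", ``common_name`` should carry the same literal markup as the option names, and "client-config directory" would be easier to look up if it named the option that sets it. Because the verification script or plugin receives the certificate common-name while scripts invoked after authentication and the client-config file lookup use the username, it is worth stating that contrast in one sentence, so that administrators who key per-client configuration or access decisions on the common name know which value applies at each stage.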