openvpn-auth-pam.so hangs entire daemon during auth

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
chadikins
OpenVpn Newbie
Posts: 1
Joined: Fri May 09, 2014 7:38 pm

openvpn-auth-pam.so hangs entire daemon during auth

Post by chadikins » Fri May 09, 2014 7:51 pm

I'm using a two-factor authentication system that integrates with PAM. As a result, the PAM conversations can take anywhere from a few seconds to a minute or longer as PAM waits for the user to acknowledge the token.

I've discovered that OpenVPN locks while the auth is taking place, regardless of the user.

For instance, let's say I have five people connected and a sixth one starts to connect. While the sixth user is in the PAM auth process waiting to acknowledge the token, the remaining users cannot pass traffic. Even the internal management interface hangs... it's just deadlocked.

Has anyone seen this before? I'm running 2.3.2... was this addressed at some point? I can file a bug in Trac but I wanted to toss this out there beforehand.

maglub
OpenVpn Newbie
Posts: 2
Joined: Wed Jun 14, 2017 7:36 am

Re: openvpn-auth-pam.so hangs entire daemon during auth

Post by maglub » Wed Jun 14, 2017 7:40 am

Hi,

I am like 3 years late to the party, but I have the exact same issue. I can reproduce it easily, and my scenario is the same. Running openvpn 2.3.10

My PAM call for multi factor authentication take a minimum of 10 - 20 seconds, as the user has to react to an application on their mobile phone. When this is going on, openvpn is blocking.

openvpn config for the pam integration:

Code: Select all

plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn
The script integration:

Code: Select all

sudo cat /etc/pam.d/openvpn 
account required	pam_permit.so
auth required pam_exec.so expose_authtok /path/to/my/authentication_script

Post Reply