This would be a useful feature to me to use in conjunction with an always up / OpenVPN running as a service.
We have some industry and government rules we have to comply with, one of those is 2 factor authentication for anything that provides access to sensitive information or access to a network. For this reason, simple client certificate authentication running in the background will not be acceptable for compliance purposes, since that is a single factor of authentication. User VPN relying on AD credentials and a client certificate is acceptable, but requires user interaction to bring the tunnel up.
I'd like to see a way to use a domain joined machine's AD machine account as one factor of authentication, and then a client certificate as the second. Both of these could be used by a background VPN tunnel that comes up automatically without user intervention.
Use Windows Machine Account as an authentication option
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Aug 10, 2021 3:14 pm
- BadIdea
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Jun 03, 2024 3:13 pm
Re: Use Windows Machine Account as an authentication option
I 2nd the requirements as it's also on my wish list.
Thank you
Thank you