Authenticating clients with certificates & username password
Posted: Sat Oct 30, 2010 8:16 am
by shaia
Hi All,
Can the openvpn server be configured so that it will allow connections from clients only if the clients have both a valid username/password and a valid certificate?
I am looking for something which is equivalent to ssh logins with a password-protected private key, where the ssh server does not allow password-only logins.
Thanks,
Shai
Re: Authenticating clients with certificates & username passw
Posted: Wed Nov 03, 2010 5:03 am
by krzee
[01:04] <krzee> !authpass
[01:04] <vpnHelper> krzee: "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs, or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required, or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
I'm lazy so I used my IRC bot to answer; let me know if that helped.

Re: Authenticating clients with certificates & username passw
Posted: Mon Nov 08, 2010 6:51 pm
by shaia
Maybe I didn't understand OpenVPN at all ...
If I don't use the --client-cert-not-required switch, the server will require a client certificate?
Does this mean that if I guess a correct username/password (i.e. admin/admin) I cannot connect to the server because I am missing a certificate?
Shai
Re: Authenticating clients with certificates & username passw
Posted: Tue Nov 16, 2010 8:18 am
by krzee
shaia wrote:
If I don't use the --client-cert-not-required switch, the server will require a client certificate?
If you use this option, the server will NOT require the client certificate.
Does this mean that if I guess a correct username/password (i.e. admin/admin) I cannot connect to the server because I am missing a certificate?
If you do not use the above option, that would be true (and more secure).
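
The behaviour described in this thread can be checked against a server config file. The script below is an added example, not code from the thread or from the OpenVPN project: it reports which client factors a config enforces, looking only at `auth-user-pass-verify`, `client-cert-not-required` and `verify-client-cert` (the OpenVPN 2.4+ form of the same switch). The function name, the sample configs and the `/etc/openvpn/checkpw.sh` path are constructed placeholders.

```shell
#!/bin/sh
# classify_ovpn_auth FILE -> prints which client factors the server enforces:
#   cert+password | cert-only | password-only | none
classify_ovpn_auth() {
    cert=required   # OpenVPN default: a valid client certificate is mandatory
    pass=no
    while read -r opt arg _rest; do
        case $opt in
            client-cert-not-required) cert=notenforced ;;
            verify-client-cert)       # OpenVPN 2.4+ spelling of the same switch
                case $arg in
                    none|optional) cert=notenforced ;;
                    *)             cert=required ;;
                esac ;;
            auth-user-pass-verify) pass=yes ;;
        esac
    done <<EOF
$(sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e 's/^--//' "$1")
EOF
    if [ "$cert" = required ] && [ "$pass" = yes ]; then echo cert+password
    elif [ "$cert" = required ]; then echo cert-only
    elif [ "$pass" = yes ]; then echo password-only
    else echo none
    fi
}

# Constructed sample configs; /etc/openvpn/checkpw.sh is a placeholder path.
demo=$(mktemp -d)
cat > "$demo/both.conf" <<'EOF'
port 1194
auth-user-pass-verify /etc/openvpn/checkpw.sh via-file
;client-cert-not-required
EOF
cat > "$demo/password-only.conf" <<'EOF'
port 1194
auth-user-pass-verify /etc/openvpn/checkpw.sh via-file
client-cert-not-required
username-as-common-name
EOF
for f in "$demo"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(classify_ovpn_auth "$f")"
done
rm -rf "$demo"
```

A result of `cert+password` is the setup asked for in the first post; `password-only` is the case where a guessed login is enough to connect.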