mirror of
https://github.com/OpenVPN/openvpn.git
synced 2025-06-26 05:57:02 +08:00
ebd433bd1e
This allow the server to set and override the username that is assumed for the client for interaction with the client after the authentication. This is especially intended to allow the of use auth-gen-token in scenarios where the clients use certificates and multi-factor authentication. It allows a client to successfully roam to a different server and have a correct username and auth-token that can be accepted by that server as fully authenticated user without requiring MFA again. The scenario that this feature is probably most useful when --management-client-auth is in use as in this mode the OpenVPN server can accept clients without username/password but still use --auth-gen-token with username and password to accept auth-token as alternative authentication. A client without a username will also not use the pushed auth-token. So setting/pushing an auth-token-user will ensure that the client has a username. Github: OpenVPN/openvpn#299 Change-Id: Ia4095518d5e4447992a2974e0d7a159d79ba6b6f Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20250311155904.4446-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31091.html Signed-off-by: Gert Doering <gert@greenie.muc.de>