[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Certificate common name & auth-user-pass-verify

  • Subject: Re: [Openvpn-users] Certificate common name & auth-user-pass-verify
  • From: Nuno Marques <nmarques@xxxxxxxxxxx>
  • Date: Fri, 03 Feb 2006 15:16:26 +0000
Alon Bar-Lev wrote:

> Nuno Marques wrote:
>
>> Hi,
>>
>> do anyone knows a way to verify that the common name in a certificate is
>> equal to the username sent  when prompted by the auth-user-pass-verify
>> option?
>>
>> The only way I can think of is writing the username to a file in the
>> auth-user-pass-verify script, and then having another script that knows
>> the certificate details to compare both fields. But I don't know how to
>> execute a script having the certificate details passed as an argument.
>> Is it possible?
>>
>> TIA,
>>
>> Nuno Marques
>>
>
> Hello,
>
> Maybe I don't understand...
>
> Why do you mix username and certificate? If you give a different
> certificate for each user it should be sufficient.
>
> Best Regards,
> Alon Bar-Lev.
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
Hi,

I'm giving a different certificate to each user, and all the
ceertificates have the correct username in them, but I also need the
username/password to validate the user in the Active Directory, so it
can happen that one user have one certificate with common name John Doe,
but when asked for user/pass to perform validation in the AD puts Robert
Doe.

If the Robert Doe user exists in the AD and the password entered is
correct, that user will login with an ID different of the one present in
the certificate.

Thanks,

Nuno Marques

-- 

Nuno Marques <nmarques@xxxxxxxxxxx>
Administração de Sistemas DI-FCUL
Faculdade de Ciências da Universidade de Lisboa
Campo Grande - Edificio C6 - Piso 3



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users