|
|
Den onsdag 5.apr kl. 9:57 skrev Tony:
On Wed, 05 Apr 2006 10:24:27 +0400, Jon Bendtsen
<jon.bendtsen@xxxxxxxxxx> wrote:
I use it with OpenVPN GUI and eToken. The account is non-admin
one.
eToken? is that some hardware thing that stores the certificate?
Does the GUI actually ask for a password for that thing?
Yes, works nicely for me.
Here's how I did it:
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cryptoapicert "THUMB:5a 74 7b 2d 58 c2 d0 9e e6 b9 8d 47 96 c0 60
c0 5a e4 2a 82"
aha, i used --pkcs11
Then an Aladdin's window pops up to ask a token's password and then
the RSA key's passphraze.
how nice :-)
I'm trying to secure this installation and so far I see some
strange
things:
1) "ta.key" file must be accessible for a non-admin user. Why? I
thought this file is for openvpn.exe's use as the service. It
should not be user-accessible, should it?
Can you suggest why I must make "ta.key" be user-accessible?
I do not like this.
i'm sorry, i dont know why. But maybe it is started as that user and
later
switch to another user
JonB
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|