|
|
c0re dumped wrote:
> So, I did a shell script to do this and noticed a strange behavior:
>
> When I pass DOMAIN\USER on the XP client the '\' is replaced by an
> '_'. Is my client or my server that are doing this replacement ?
Per the man page's entry on auth-user-pass-verify:
"""
To protect against a client passing a maliciously formed username or
password string, the username string must consist only of these
characters: alphanumeric, underbar ('_'), dash ('-'), dot ('.'), or at
('@'). The password string can consist of any printable characters
except for CR or LF. Any illegal characters in either the username or
password string will be converted to underbar ('_').
"""
Since this is documented under auth-user-pass-verify rather than
auth-user-pass, I infer that this stripping is done server-side, and
that it might be bypassed by using an authentication plugin rather than
an authentication script. You'll need to verify such yourself, however.
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|