Re: [Openvpn-devel] OpenVPN Status Log


  • Subject: Re: [Openvpn-devel] OpenVPN Status Log
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Thu, 04 Jan 2007 13:29:48 -0600

Alexander Littell wrote:
> How difficult would it be to program the openvpn-status.log to show 
> usernames instead of common names?  Or maybe both.  Any thoughts on how to 
> do this?
> 
> I could be wrong, but I would guess that most OpenVPN administrators are 
> using username/password pairs instead of certificates to authenticate their 
> clients.  Well, I do anyway. :)

I'm assuming "openvpn-status.log" is the file created by the status 
directive (different folks can call it different things -- and it has 
two different formats available). I believe that already *will* show 
usernames if you have username-as-common-name specified; is this 
understanding incorrect?

In any event, while I request both usernames and certificates, the 
certificates are more useful in logs (as our certificates specify an 
individual machine as well as the user who owns that machine, whereas 
the usernames specify only the individual who owns the machine but not 
the specific host).

Are you using username-as-common-name? How about duplicate-cn? (It's 
much better to have unique certificates -- but if you're authenticating 
by username and aren't using certificates properly, using 
username-as-common-name and not duplicate-cn should give you more 
management control than using duplicate-cn and leaving off 
username-as-common-name, as in this latter case you can't identify 
individual clients for disconnect commands or such).


I think that this subthread belongs in openvpn-users rather than 
openvpn-devel. I'm sending it to both; please reply only in openvpn-users.

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
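
An added example, not part of the original message or of OpenVPN: a small audit of the file written by the status directive that reports every name held by more than one connected session, which is the situation in which individual clients cannot be told apart. It reads both status layouts; the sample data is constructed and the function names are hypothetical.

```python
import csv
from collections import defaultdict

# Constructed sample in the default (version 1) status layout.
SAMPLE_V1 = """OpenVPN CLIENT LIST
Updated,Thu Jan  4 13:00:00 2007
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
laptop-alice,198.51.100.10:40112,10240,20480,Thu Jan  4 12:01:10 2007
shared-client,198.51.100.23:51820,4096,8192,Thu Jan  4 12:15:42 2007
shared-client,203.0.113.77:33991,2048,1024,Thu Jan  4 12:40:05 2007
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,laptop-alice,198.51.100.10:40112,Thu Jan  4 12:59:58 2007
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

# Constructed sample in the version 2 status layout (one record type per line).
SAMPLE_V2 = """TITLE,OpenVPN (constructed sample)
TIME,Thu Jan  4 13:00:00 2007,1167937200
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t)
CLIENT_LIST,bob,198.51.100.40:40001,10.8.0.10,100,200,Thu Jan  4 12:05:00 2007,1167933900
CLIENT_LIST,bob,198.51.100.41:40002,10.8.0.14,100,200,Thu Jan  4 12:06:00 2007,1167933960
END
"""

def sessions(text):
    """Yield (common_name, real_address) for each connected client."""
    in_v1_clients = False
    for row in filter(None, csv.reader(text.splitlines())):
        if row[0] == "CLIENT_LIST" and len(row) >= 3:   # version 2 client row
            yield row[1], row[2]
        elif row[0] == "Common Name":                    # v1 client table header
            in_v1_clients = True
        elif row[0] == "ROUTING TABLE":                  # v1 client table ends
            in_v1_clients = False
        elif in_v1_clients and len(row) >= 2:
            yield row[0], row[1]

def shared_names(text):
    """Return {name: [real addresses]} for names held by more than one session."""
    by_name = defaultdict(list)
    for name, addr in sessions(text):
        by_name[name].append(addr)
    return {n: a for n, a in by_name.items() if len(a) > 1}

if __name__ == "__main__":
    print(shared_names(SAMPLE_V1), shared_names(SAMPLE_V2))
```

With username-as-common-name set, the name column holds the authenticated username, so the same check then reports users logged in from several places at once.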