Opened 14 years ago
Closed 13 years ago
#38 closed Bug / Defect (notabug)
U/P auth to server fails: Environment Variable missing!
Reported by: | Samuli Seppänen | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Generic / unclassified | Version: | OpenVPN 2.1.0 / 2.1.1 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
Hi,
I‘m currently writing a tool for OpenVPN for User/Password? authentication on the server. While I did this I found this bug (in version 2.1.1):
I added this to the server config:
Script-security 2
Auth-user-pass-verify “c:
Program Files
OpenVPN
MyProgram?.exe” via-env
With this setting the username and password entered by the user are committed to my program via Environment variables.
This works well with OpenVPN v2.0.9 but NOT with OpenVPN v2.1.1: There is only committed the environment variable “username”, the variable “password” misses!!
So the option via-env does not work with the newest version of OpenVPN, one have to use the option via-file, which is much more insecure!
I hope I could help you and you can fix this bug,
Thanks,
Frank Wendel
PS:
v2.0.9 EnvVariables? Screenshot: http://picfront.de/d/7Ct2
v2.1.1 EnvVariables? Screenshot: http://picfront.de/d/7Ct3
Change History (3)
comment:1 Changed 14 years ago by
comment:2 Changed 13 years ago by
this is an RTFM issue: with
script-security 2
passwords are not allowed to be passed via env vars. Use
script-security 3
for that.
comment:3 Changed 13 years ago by
Resolution: | → notabug |
---|---|
Status: | new → closed |
Originally reported to SF.net bug tracker by somebody (anonymous).