RFCv3: Yubikey authentication for OpenVPN
Steven Haigh
2017-07-08 04:45:55 UTC
Hi all,

I have attached this script for comment to be considered for inclusion in the
contrib section of openvpn to use the Yubico Yubicloud authentication for the
Yubikey OTP.

Setup instructions are included in the top of the script file.

There is a current patch pending merging to fix client operation for auth
tokens by ordex and dazo.

Ticket details:

Changes since v1:
* We now generate a completely random token by reading 128 bytes from
/dev/random and base64 encoding it - not partially created from connection
* Tokens are now stored in a token store file

Changes since v2:
* Multiple operations running at the exact same time could lead to lost
tokens. The file lock (LOCK_EX) now applies from when we read in the token
store until the file is closed after a write. This should stop any in-flight
read/write conflicts losing tokens.

Happy to receive feedback on the script, its operation, or implementation.
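
The locking change described under "Changes since v2", sketched as an added example (this is not the attached script or any OpenVPN code). Python, the JSON store layout, the function names, and `os.urandom` standing in for a direct read of /dev/random are all assumptions made for illustration.

```python
import base64, fcntl, json, os, threading, time

TOKEN_BYTES = 128  # size given in the post

def new_token():
    # Assumption: os.urandom (kernel CSPRNG) stands in for reading /dev/random.
    return base64.b64encode(os.urandom(TOKEN_BYTES)).decode("ascii")

def issue_token(store_path, username):
    """Add a token; LOCK_EX is held from the read until close after the write."""
    fd = os.open(store_path, os.O_RDWR | os.O_CREAT, 0o600)
    with os.fdopen(fd, "r+") as fh:
        fcntl.flock(fh, fcntl.LOCK_EX)  # blocks while another writer holds it
        raw = fh.read()
        store = json.loads(raw) if raw else {}
        token = new_token()
        store[token] = {"user": username, "issued": int(time.time())}
        fh.seek(0)
        fh.truncate()
        json.dump(store, fh)
        fh.flush()
    # Leaving the with-block closes the file, which releases the lock.
    return token

def load_store(store_path):
    with open(store_path) as fh:
        fcntl.flock(fh, fcntl.LOCK_SH)  # shared lock: never read a half-written file
        raw = fh.read()
    return json.loads(raw) if raw else {}

def check_token(store_path, username, token):
    entry = load_store(store_path).get(token)
    return entry is not None and entry["user"] == username

def issue_concurrently(store_path, workers=8, per_worker=5):
    """Constructed stress case: many writers at once; returns every token issued."""
    issued, guard = [], threading.Lock()
    def work(n):
        for _ in range(per_worker):
            tok = issue_token(store_path, f"user{n}")
            with guard:
                issued.append(tok)
    threads = [threading.Thread(target=work, args=(n,)) for n in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return issued
```

If the lock were taken only around the write, two writers could both read the same old store and the second write would discard the first writer's token; holding it across the whole read-modify-write is what keeps all 40 tokens in the stress case.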
