I want to implement username and password authentication for my OpenVPN users. So there will be multiple users, where to store all these usernames and passwords and how to verify them?
Asked
Active
Viewed 964 times
2 Answers
0
The point of auth-user-pass-verify is you can choose however you want to verify your users. Here are some more popular answers:
- with user / pass of users on the system on which openvpn is installed (pam)
- using ldap and connecting to a windows corporate domain
- a third party authentication service like Okta or google.
Write whatever script you like to take the username / password information you receive and perform the relevant authentication steps.
2ps
- 15,099
- 2
- 27
- 47
0
I used a custom python script and database to verify the username and password.
#!/usr/bin/env python3
import sys
import sqlite3
DB_FILE = 'openvpn_dashboard/db.sqlite3'
def main():
# First arg is a tmp file with 2 lines: username and password
with open(sys.argv[1], 'r') as tmpfile:
username = tmpfile.readline().rstrip('\n')
password = tmpfile.readline().rstrip('\n')
creds = get_password(username)
if not creds:
print(f'>> user {username} not defined.')
sys.exit(2)
# Verify password.
if password != creds[0][1]:
print(f'>> Bad password provided by user {username}.')
sys.exit(3)
sys.exit(0)
def get_password(username):
db = sqlite3.connect(DB_FILE)
cursor = db.cursor()
cursor.execute('''select username, password from openvpn_openvpnuser where username=?''', (username,))
creds = cursor.fetchall()
db.close()
return creds
if __name__ == '__main__':
main()
Msvstl
- 1,116
- 5
- 21
-
1Ping me if anyone want more details about the implementation – Msvstl Dec 13 '21 at 15:31