OpenVPN Auth Passwd is a plugin that authenticates OpenVPN users against the local passwd or shadow files, using a privilege separation model.
OpenVPN Auth Passwd's authentication method must be defined in the Makefile prior to the compilation of the plugin.
On shadowed systems it uses the functions provided in the shadow suite and, on other systems, the getpwnam(3) function to verify the username/password.
The openvpn-auth-passwd module implements username/password authentication via the passwd files and, on systems with shadow support, via the shadow files. It is provided for systems that don't have PAM.
This module uses a split privilege execution model, the same one used in the auth-pam and down-root plugins. That is, even if you drop the openvpn daemon's privileges using the user, group, or chroot directives, the plugin still works.
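The split privilege model described above, as an added example (not the plugin's own code): a helper is forked before privileges are dropped and answers credential checks over a socketpair, so the foreground process needs only that socket. `check_credentials`, the `auth_req` layout and the sample user are constructed stand-ins; the real helper would do the shadow or getpwnam(3) lookup at that point.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#define FIELD 64
struct auth_req { char user[FIELD]; char pass[FIELD]; };

/* Constructed stand-in for the passwd/shadow lookup done by the helper. */
static int check_credentials(const char *user, const char *pass) {
    return strcmp(user, "alice") == 0 && strcmp(pass, "constructed-pw") == 0;
}

/* Fork the helper while still privileged; returns the foreground's socket. */
static int start_helper(pid_t *pid) {
    int sv[2];
    struct auth_req r;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if ((*pid = fork()) < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (*pid > 0) { close(sv[1]); return sv[0]; }  /* foreground side */
    close(sv[0]);                    /* helper side: keeps its privileges */
    while (recv(sv[1], &r, sizeof r, MSG_WAITALL) == (ssize_t)sizeof r) {
        r.user[FIELD - 1] = r.pass[FIELD - 1] = '\0';  /* force termination */
        char ok = check_credentials(r.user, r.pass) ? 1 : 0;
        if (send(sv[1], &ok, 1, MSG_NOSIGNAL) != 1) break;
    }
    _exit(0);                        /* EOF: the foreground went away */
}

/* Foreground side: usable after setuid()/chroot(), needs only the socket. */
static int ask_helper(int fd, const char *user, const char *pass) {
    struct auth_req r;
    char ok = 0;
    if (strlen(user) >= FIELD || strlen(pass) >= FIELD) return 0;
    memset(&r, 0, sizeof r);
    strcpy(r.user, user);
    strcpy(r.pass, pass);
    if (send(fd, &r, sizeof r, MSG_NOSIGNAL) != (ssize_t)sizeof r) return 0;
    return recv(fd, &ok, 1, 0) == 1 && ok == 1;  /* no answer: fail closed */
}

static int demo_auth(const char *user, const char *pass) {  /* one round trip */
    pid_t pid;
    int fd = start_helper(&pid);
    if (fd < 0) return 0;
    int ok = ask_helper(fd, user, pass);
    close(fd);
    waitpid(pid, NULL, 0);
    return ok;
}
int main(void) { return demo_auth("alice", "constructed-pw") ? 0 : 1; }
```

Every failure path on the foreground side (oversized field, dead helper, short read) returns "denied", so losing the helper can never turn into an accepted login.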
To build openvpn-auth-passwd on systems that use shadow, you will need to have the shadow suite and its development headers installed.
On GNU systems, build with the "make" command. On other systems, install GNU make if you don't have it, and type "gmake". The module will be named openvpn-auth-passwd.so.
To use this plugin module, add to your OpenVPN config file:
Run OpenVPN with --verb 7 or higher to get debugging output from this plugin.
This module is supposed to work on any *nix system, but more testing should be done. Right now it works on Linux and OpenBSD.
There is no portable way to check whether you are using the shadow suite or not and, as we are not using autoconf to do this, you must manually set the USE_SHADOW directive in the Makefile. We assume by default that you are using it (as on the majority of Linux distributions and Sun systems). If you aren't (as on the majority of *BSD systems and others), you should set it to 0.
What's New in This Release:
· Added a new function to check whether the user belongs to a given group or not.