From: Alon Bar-L. <alo...@gm...> - 2011-05-03 14:09:43
some notes....

1. I guess you assume people are using administrator / root to run openvpn, which is unsafe, but gives you the pin prompt of openvpn. However, one that wants security (use tokens) will also be interested in other security methods.
2. You don't comment about the insecurity of opensc, and the requirement to lock the reader so no other application may use the authenticated token.
3. In order to solve (1) you need to use the management interface, which is the correct way to achieve this.
4. The management interface allows you to select a certificate out of the token, so you don't have to hardcode a specific identity within openvpn configuration. See [1].

[1] https://sites.google.com/site/alonbarlev/openvpn-pkcs11 openvpn-kde-dialogs.pl.bz2

2011/5/3 Jean-Michel Pouré - GOOZE <jm...@go...>
>
> Dear friends,
>
> Just a quick note that GOOZE published a HOWTO explaining how to set-up
> OpenVPN with smartcards and security tokens:
>
> http://www.gooze.eu/howto/openvpn-with-smart-cards-crypto-tokens-howto
>
> All comments are welcome.
>
> Kind regards,
> --
> Jean-Michel Pouré - Gooze - http://www.gooze.eu
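
An added example, not part of the original message or of the GOOZE HOWTO: a client configuration sketch contrasting the hard-coded identity from note 4 with the management-interface setup from notes 1, 3 and 4. The provider path, socket path, server name, user names and the serialized id are placeholders or assumptions.

```conf
# --- Variant A (what notes 1 and 4 argue against) ---------------------------
# One identity is fixed in the configuration and the PIN is asked for by
# OpenVPN itself on its controlling terminal.
;pkcs11-providers /usr/lib/opensc-pkcs11.so   # assumed provider path
;pkcs11-id 'SERIALIZED-ID-PLACEHOLDER'        # placeholder, not a real id

# --- Variant B (notes 3 and 4) ----------------------------------------------
# PIN prompts and certificate selection are delegated to a management client,
# and the daemon gives up root after initialisation.
client
dev tun
proto udp
remote vpn.example.com 1194                   # placeholder server
ca ca.crt

pkcs11-providers /usr/lib/opensc-pkcs11.so    # assumed provider path
pkcs11-id-management                          # management client picks the certificate

# Local Unix socket instead of a TCP port, restricted to one desktop user.
management /var/run/openvpn-mgmt.sock unix
management-client-user vpnuser                # placeholder user name
management-query-passwords                    # token PIN is requested over the socket
management-hold                               # wait until a management client attaches

# Drop privileges once the tunnel device is set up.
user nobody
group nogroup
persist-key
persist-tun
```

Variant B still needs a management client on the socket to answer the PIN and certificate requests. The reader-locking concern in note 2 is a property of the PKCS#11 provider and is not addressed by either variant.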