Opened 10 years ago
Closed 9 years ago
#44041 closed enhancement (fixed)
openvpn2 @ 2.3.4 Expose configure option --enable-password-save
| Reported by: | vbourachot@… | Owned by: | jul_bsd@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | haspatch | Cc: | ryandesign (Ryan Carsten Schmidt) |
| Port: | openvpn2 |
Description
Expose openvpn configure option --enable-password-save via a variant.
Variant name and description in the diff are taken from the openvpn configure script.
Attachments (1)
Change History (11)
Changed 10 years ago by vbourachot@…
| Attachment: | Portfile-openvpn2.diff added |
|---|
comment:1 Changed 10 years ago by pixilla (Bradley Giesbrecht)
| Keywords: | haspatch added |
|---|---|
| Owner: | changed from macports-tickets@… to julien.touche@… |
comment:2 follow-up: 3 Changed 10 years ago by pixilla (Bradley Giesbrecht)
comment:3 follow-up: 4 Changed 10 years ago by vbourachot@…
Replying to pixilla@…:
Any reason to not add "--enable-password-save" to default configure args or add the enable_password_save variant to default_variants?
My 2 cents from what I could read from openvpn support forums:
A decision was made at some point to turn this feature off by default and allow enabling it via a configure option. I assume it was done on security concerns, since storing a passphrase or full credentials to a VPN in plain text is hardly a good security practice :)
However, for those 'VPN that don't matter' (e.g., internet anonymity services, as opposed to a company VPN) and only support password authentication, it's really handy. I think allowing the user to separately configure via an optional variant is a good compromise. If one specifically asks for the variant, then one should know the security implications of using the feature.
comment:4 follow-up: 5 Changed 10 years ago by pixilla (Bradley Giesbrecht)
Replying to vbourachot@…:
Replying to pixilla@…:
Any reason to not add "--enable-password-save" to default configure args or add the enable_password_save variant to default_variants?
My 2 cents from what I could read from openvpn support forums:
A decision was made at some point to turn this feature off by default and allow enabling it via a configure option. I assume it was done on security concerns, since storing a passphrase or full credentials to a VPN in plain text is hardly a good security practice :)
When built with "--enable-password-save" does openvpn automatically save passwords as plain text?
comment:5 Changed 10 years ago by vbourachot@…
Replying to pixilla@…:
When built with "--enable-password-save" does openvpn automatically save passwords as plain text?
No, but it allows you to save your credentials to a text file and have the client read your vpn credentials from it.
comment:6 Changed 10 years ago by jmroot (Joshua Root)
| Owner: | changed from julien.touche@… to jul_bsd@… |
|---|
comment:8 follow-up: 9 Changed 10 years ago by mf2k (Frank Schima)
| Milestone: | MacPorts Future |
|---|---|
| Version: | 2.3.0 |
comment:9 Changed 10 years ago by vbourachot@…
FYI - as of 2.3.5, --enable-password-save is enabled by default in the upstream configure.
$ ./configure --help
`configure' configures OpenVPN 2.3.5 to adapt to many kinds of systems.
...
--enable-password-save allow --askpass and --auth-user-pass passwords to be
read from a file [default=yes]
comment:10 Changed 9 years ago by ryandesign (Ryan Carsten Schmidt)
| Cc: | ryandesign@… added |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
openvpn2 was updated to 2.3.8 in r141217, so that should take care of this request.
Any reason to not add "--enable-password-save" to default configure args or add the enable_password_save variant to default_variants?