Opened 10 years ago

Closed 9 years ago

#44041 closed enhancement (fixed)

openvpn2 @ 2.3.4 Expose configure option --enable-password-save

Reported by: vbourachot@… Owned by: jul_bsd@…
Priority: Normal Milestone:
Component: ports Version:
Keywords: haspatch Cc: ryandesign (Ryan Carsten Schmidt)
Port: openvpn2

Description

Expose openvpn configure option --enable-password-save via a variant.
Variant name and description in the diff are taken from the openvpn configure script.

Attachments (1)

Portfile-openvpn2.diff (577 bytes) - added by vbourachot@… 10 years ago.

Download all attachments as: .zip

Change History (11)

Changed 10 years ago by vbourachot@…

Attachment: Portfile-openvpn2.diff added

comment:1 Changed 10 years ago by pixilla (Bradley Giesbrecht)

Keywords: haspatch added
Owner: changed from macports-tickets@… to julien.touche@…

comment:2 Changed 10 years ago by pixilla (Bradley Giesbrecht)

Any reason to not add "--enable-password-save" to default configure args or add the enable_password_save variant to default_variants?

comment:3 in reply to:  2 ; Changed 10 years ago by vbourachot@…

Replying to pixilla@…:

Any reason to not add "--enable-password-save" to default configure args or add the enable_password_save variant to default_variants?

My 2 cents from what I could read from openvpn support forums:
A decision was made at some point to turn this feature off by default and allow enabling it via a configure option. I assume it was done on security concerns, since storing a passphrase or full credentials to a VPN in plain text is hardly a good security practice :)

However, for those 'VPN that don't matter' (e.g., internet anonymity services, as opposed to a company VPN) and only support password authentication, it's really handy. I think allowing the user to separately configure via an optional variant is a good compromise. If one specifically asks for the variant, then one should know the security implications of using the feature.

comment:4 in reply to:  3 ; Changed 10 years ago by pixilla (Bradley Giesbrecht)

Replying to vbourachot@…:

Replying to pixilla@…:

Any reason to not add "--enable-password-save" to default configure args or add the enable_password_save variant to default_variants?

My 2 cents from what I could read from openvpn support forums:
A decision was made at some point to turn this feature off by default and allow enabling it via a configure option. I assume it was done on security concerns, since storing a passphrase or full credentials to a VPN in plain text is hardly a good security practice :)

When built with "--enable-password-save" does openvpn automatically save passwords as plain text?

comment:5 in reply to:  4 Changed 10 years ago by vbourachot@…

Replying to pixilla@…:

When built with "--enable-password-save" does openvpn automatically save passwords as plain text?

No, but it allows you to save your credentials to a text file and have the client read your vpn credentials from it.

comment:6 Changed 10 years ago by jmroot (Joshua Root)

Owner: changed from julien.touche@… to jul_bsd@…

comment:7 Changed 10 years ago by jul_bsd@…

good for me.

comment:8 Changed 10 years ago by mf2k (Frank Schima)

Milestone: MacPorts Future
Version: 2.3.0

comment:9 in reply to:  8 Changed 10 years ago by vbourachot@…

FYI - as of 2.3.5, --enable-password-save is enabled by default in the upstream configure.

$ ./configure --help
`configure' configures OpenVPN 2.3.5 to adapt to many kinds of systems.
...
  --enable-password-save  allow --askpass and --auth-user-pass passwords to be
                          read from a file [default=yes]

comment:10 Changed 9 years ago by ryandesign (Ryan Carsten Schmidt)

Cc: ryandesign@… added
Resolution: fixed
Status: newclosed

openvpn2 was updated to 2.3.8 in r141217, so that should take care of this request.

Note: See TracTickets for help on using tickets.