The OpenVPN Auth Passwd plugin verifies OpenVPN users against the local passwd or shadow files.
OpenVPN Auth Passwd is designed to work well with shadowed systems, and uses functions provided by the shadow suite to verify the username/password. On other systems, the plugin uses the getpwnam(3) function instead. This module is provided for systems that don't have PAM.
The software uses a split privilege execution model, much like the auth-pam and down-root plugins. This means that even if you drop the OpenVPN daemon's privileges using the user, group, or chroot directives, the plugin will still work.
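The split-privilege pattern described above, as an added example that is not the plugin's own source: a helper is forked before privileges are dropped and answers lookups over a socketpair. The names start_helper, ask_helper, helper_loop and MAX_NAME are hypothetical, and the helper here only checks that getpwnam(3) knows the account; the password comparison is left out.

```c
#include <pwd.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_NAME 64  /* hypothetical limit on username length */

/* Runs in the forked helper, which keeps the privileges held at fork time.
 * Assumption: replies 1 only if the name is NUL-terminated and known to getpwnam(3). */
static void helper_loop(int fd)
{
    char name[MAX_NAME], ok;
    ssize_t n;
    while ((n = read(fd, name, sizeof name)) > 0) {
        ok = name[n - 1] == '\0' && getpwnam(name) != NULL;
        if (write(fd, &ok, 1) != 1) break;
    }
    _exit(0);  /* foreground closed its end of the channel */
}

/* Call before any user/group/chroot drop. Returns the foreground's end. */
int start_helper(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); helper_loop(sv[1]); }
    close(sv[1]);
    return sv[0];
}

/* Usable after privileges are dropped: 1 known, 0 unknown, -1 error. */
int ask_helper(int fd, const char *user)
{
    size_t len = strlen(user) + 1;
    char ok;
    if (len > MAX_NAME || write(fd, user, len) != (ssize_t)len)
        return -1;
    return read(fd, &ok, 1) == 1 ? ok : -1;
}

int main(void)
{
    int fd = start_helper();  /* a daemon would drop privileges after this */
    return ask_helper(fd, "root") == 1 ? 0 : 1;
}
```

Because the foreground only holds a socket to the helper, it can change user, group or root directory after start_helper() returns and still get answers that need the original privileges.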
To build the openvpn-auth-passwd module, you'll need to ensure that the shadow suite and its devel headers are installed. On GNU systems, you can build with the "make" command. For other systems, you may need to install GNU make and use the "gmake" command. The module will be named openvpn-auth-passwd.so.
To use this plugin module, you'll need to add the appropriate code to your OpenVPN config file. To get debugging output from the plugin, run OpenVPN with --verb 7 or higher.
This software is still being tested on different *nix systems. While it's currently working well on Linux and OpenBSD, more testing is needed to ensure broad compatibility. Additionally, there is no portable way to check whether the shadow suite is in use, so you'll need to set the USE_SHADOW directive in the Makefile manually. By default, the plugin assumes the shadow suite is in use; set USE_SHADOW to 0 if you're using a different system.
Overall, this is an excellent plugin that is well-suited for anyone who needs to authenticate OpenVPN users with local passwd or shadow files. The most recent release includes a new function for checking if a user belongs to a given group.
Version 1.1: N/A