From c24a22deea6e0bbe2b6f64c4f9aa0e3fff2d05e1 Mon Sep 17 00:00:00 2001
From: Fabio Napoleoni
Date: Sat, 6 Feb 2016 21:38:26 +0100
Subject: [PATCH] Allow interactive usage
---
 bin/ovpn_otp_user | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/bin/ovpn_otp_user b/bin/ovpn_otp_user
index 090d7ac..3cf1c3e 100755
--- a/bin/ovpn_otp_user
+++ b/bin/ovpn_otp_user
@@ -22,6 +22,12 @@ fi
 # Ensure the otp folder is present
 [ -d /etc/openvpn/otp ] || mkdir -p /etc/openvpn/otp
 
-# Bin is present in image, save an $user.google_authenticator file in /etc/openvpn/otp
-/usr/bin/google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
- "${1}@OpenVPN" -s /etc/openvpn/otp/${1}.google_authenticator
+# Binary is present in image, save an $user.google_authenticator file in /etc/openvpn/otp
+if [ "$2" == "interactive" ]; then
+ # Authenticator will ask for other parameters. User can choose rate limit, token reuse policy and time window policy
+ # Always use time base OTP otherwise storage for counters must be configured somewhere in volume
+ google-authenticator --time-based --force -l "${1}@OpenVPN" -s /etc/openvpn/otp/${1}.google_authenticator
+else
+ google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
+ -l "${1}@OpenVPN" -s /etc/openvpn/otp/${1}.google_authenticator
+fi
\ No newline at end of file
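Review bot: Both `google-authenticator` calls build the secret file path from an unquoted `${1}` (`-s /etc/openvpn/otp/${1}.google_authenticator`), so a user name containing whitespace or `/` is word-split or resolves outside `/etc/openvpn/otp`. Quote the argument, `-s "/etc/openvpn/otp/${1}.google_authenticator"`, and reject unexpected characters before this block, e.g. `case "$1" in *[!A-Za-z0-9._-]*) echo "Invalid user name" >&2; exit 1 ;; esac`; the part of the script above the hunk is not visible, so such a check may already exist. The interactive branch also drops `--disallow-reuse` and the rate-limit flags, so the operator's answers decide whether codes can be replayed or guessed without throttling; if the tool prompts only for settings not given on the command line, keeping `--disallow-reuse` fixed in both branches and commenting that interactive mode can weaken the defaults would make that explicit. `[ "$2" == "interactive" ]` relies on a bash extension to `[`; `=` is the portable operator.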