author | pneubeck <pneubeck@chromium.org> | 2014-10-07 02:17:39 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2014-10-07 09:17:55 +0000 |
commit | 5a85abfe99e683da34ba16115f063241fdae2acb (patch) | |
tree | 882659078feefae631eca6dc187b82450081a6ee /components/onc/docs | |
parent | fb66cb4f9b6e380fa4b52301dee993b0b7b3b994 (diff) | |
Add OpenVPN OTP and UserAuthenticationType fields to ONC.
Reland of https://codereview.chromium.org/560863002/ which the CQ failed to commit correctly.
This does not adapt the UI to respect the policy's UserAuthenticationType, yet.
BUG=347916
TBR=stevenjb@chromium.org
TEST=Ensured that a previously working policy pushed OpenVPN network still works.
Review URL: https://codereview.chromium.org/632223002
Cr-Commit-Position: refs/heads/master@{#298431}
Diffstat (limited to 'components/onc/docs')
-rw-r--r-- | components/onc/docs/onc_spec.html | 72 |
1 files changed, 70 insertions, 2 deletions
diff --git a/components/onc/docs/onc_spec.html b/components/onc/docs/onc_spec.html index 6a42ae0..f4e70c8 100644 --- a/components/onc/docs/onc_spec.html +++ b/components/onc/docs/onc_spec.html @@ -1231,13 +1231,40 @@ to <span class="value">server</span> if set. </dd> + <dt class="field">OTP</dt> + <dd> + <span class="field_meta"> + (optional if <span class="field">UserAuthenticationType</span> is + <span class="value">OTP</span>, + <span class="value">PasswordAndOTP</span> or unset, otherwise ignored, + defaults to empty string) + <span class="type">string</span> + </span> + If <span class="field">UserAuthenticationType</span> is + <span class="value">OTP</span> or <span class="value">PasswordAndOTP</span> + and this field is not set, the user will be asked for an OTP. + The OTP is never persisted and must be provided on every connection + attempt. + </dd> + <dt class="field">Password</dt> <dd> <span class="field_meta"> - (optional) + (optional if <span class="field">UserAuthenticationType</span> is + <span class="value">Password</span>, + <span class="value">PasswordAndOTP</span> or unset, otherwise ignored, + defaults to empty string) <span class="type">string</span> </span> - XAUTH password. If not specified, user is prompted at time of connection. + If <span class="field">UserAuthenticationType</span> is + <span class="value">Password</span> or + <span class="value">PasswordAndOTP</span> and this field is not set, the user + will be asked for a password. + If <span class="field">SaveCredentials</span> is + <span class="value">true</span>, the password is persisted for future + connection attempts. Otherwise it is not persisted but might still be + reused for consecutive connection attempts (opposed to an OTP, which will + never be reused). </dd> <dt class="field">Port</dt> 
@@ -1396,6 +1423,47 @@ name equal to this string. </dd> + <dt class="field">UserAuthenticationType</dt> + <dd> + <span class="field_meta"> + (optional, defaults to <span class="value">None</span>) + <span class="type">string</span> + </span> + <span class="rule"> + <span class="rule_id"></span> + Allowed values are <span class="value">None</span>, + <span class="value">Password</span>, + <span class="value">PasswordAndOTP</span> and + <span class="value">OTP</span>. + </span> + Determines the required form of user authentication: + <ul><li> + <span class="value">PasswordAndOTP</span>: This VPN requires a password + and an OTP (possibly empty). Both will be send to the server in the + 'password' response using the SCRv1 encoding. + </li><li> + <span class="value">Password</span>: This VPN requires only a password, + which will be send without modification to the server in the 'password' + response (no CRv1 or SCRv1 encoding). + </li><li> + <span class="value">OTP</span>: This VPN requires only an OTP, which + will be send without modification to the server in the 'password' + response (no CRv1 or SCRv1 encoding). + </li><li> + <span class="value">None</span>: Neither password nor OTP are required. + No password request from the server is expected. + </li></ul> + If not set, the user can provide a password and an OTP (both not + mandatory) and the network manager will send both in the SCRv1 encoding, + when the server sends a static-challenge. If the server does not send a + static-challenge, the client will reply with only the password (without + any encoding). This behavior is deprecated and new configurations should + explicitly set one of the above values. + + See the fields <span class="field">Password</span> and + <span class="field">OTP</span> for configuring the password and OTP. + </dd> + <dt class="field">Username</dt> <dd> <span class="field_meta"> |
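Review bot: In the first hunk (@@ -1231,13 +1231,40 @@), the new OTP entry says "The OTP is never persisted and must be provided on every connection attempt", yet the same entry allows the value to be set in the ONC itself ("and this field is not set, the user will be asked for an OTP"). An OTP carried in a configuration or policy blob is stored with that blob, so the text should say what setting the field means in practice, for example whether it is only meaningful for a one-off import and whether it is stripped before the configuration is saved. In the Password entry, "might still be reused for consecutive connection attempts" leaves the lifetime of the in-memory password open when SaveCredentials is not true; stating when it is discarded (disconnect, logout, or failed authentication) would make the behavior checkable. The rewrite also drops the old "XAUTH password" sentence without saying what the password is used for now. Wording nit: "opposed to an OTP" should read "as opposed to an OTP".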
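Review bot: In the second hunk (@@ -1396,6 +1423,47 @@), the field_meta for UserAuthenticationType says "optional, defaults to None", but the closing paragraph ("If not set, the user can provide a password and an OTP ...") describes a separate, deprecated behavior for the unset case that differs from None, where "No password request from the server is expected". The OTP and Password entries in the first hunk also treat "unset" as its own case ("PasswordAndOTP or unset, otherwise ignored"). Suggest removing the stated default and documenting unset as a distinct legacy mode, so that an implementation does not map a missing field to None and silently stop sending credentials. The terms CRv1 and SCRv1 are used without a definition or reference, and the rule_id span is empty. Wording nits: "will be send" should be "will be sent" in all three list items, and "Neither password nor OTP are required" should be "is required".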