Using the PAM authentication plugin
A very useful plugin for OpenVPN is a plugin to validate a username using the Linux/UNIX PAM authentication system. PAM stands for Pluggable Authentication Modules and is a very modular system for allowing users access to system resources. It is used by most modern Linux and UNIX variants, offering a very flexible and extendible system for authenticating and authorizing users. In this recipe, we will use the PAM authentication plugin as a replacement of an auth-user-pass-verify script to validate a remote user's credentials against the system PAM configuration.
Getting ready
Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.1. The client was running Windows 2000 and OpenVPN 2.1.1.
How to do it...
Create the server configuration file:
proto udp port 1194 dev tun server 192.168.200.0 255.255.255.0 ca /etc/openvpn...
