On Wed, Mar 09, 2016 at 10:45:59PM +0100, Hans Witvliet wrote:
This afternoon @work, i had to compare different openvpn-setups. For years I used openvpn on opensuse or sles without the need to recompile myself for funky options.
However, today I wasn't pleased. I found that the compile-option pkcs11 had been turned off. (openvpn-2.3.6 @SLE_11_SP3, from the OBS)
OBS network:vpn/openvpn or which project/ package? OBS network:vpn/openvpn is at 2.3.10. So please ensure to state about which project you're talking.
Effectively, this means that strong two-factor-authentication is not possible anymore without recompiling. A very serious step back with regards to security. For some it would turn this rpm useless.
Can anyone elaborate if this was a SuSE decision? If so, why?
From OBS network:vpn/openvpn there is nothing obvious which turns pkcs11 off. Neither from the spec file, package change log, or the build log. Cheers, Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team + SUSE Labs SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany