Document reneweal mechanic of auth-token in manual

Our man page was missing the information that the life time of the auth-token also depends on the reneg-sec Acked-by: Gert Doering <[email protected]> Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg19620.html Signed-off-by: Gert Doering <[email protected]>
aniancun · May 11, 2020 · b0c94af · b0c94af
1 parent 42fe3e8
commit b0c94af
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/doc/openvpn.8 b/doc/openvpn.8
@@ -3741,6 +3741,15 @@ argument defines how long the generated token is valid.  The
 lifetime is defined in seconds.  If lifetime is not set
 or it is set to 0, the token will never expire.
 
+The token will expire either after the configured lifetime of the token 
+is reached or after not being renewed for more than 2 *
+.B reneg\-sec
+seconds.  Clients will be sent renewed tokens on every
+TLS renogiation to keep the client's token updated.  This is done
+to invalidate a token if a client is disconnected for a sufficently long
+time, while at the same time permitting much longer token lifetimes for 
+active clients.
+
 This feature is useful for environments which is configured
 to use One Time Passwords (OTP) as part of the user/password
 authentications and that authentication mechanism does not