Getting PAM Authentication to work
Client side:
# Prompt for username/password at startup time
auth-user-pass
Server side:
# This enables username/password checks.
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so system-auth
Note that this is a change; the old setting of
# This used to enable username/password checks -- it no longer works!
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
...no longer seems to work.
Note that this means you have to start your openvpn client with an interface which permits you to be prompted for the username and password combination; the only one I know about is the openvpn command line client itself. Notably the SLED one for SLED 10.0 didn't work.