Add an option for stricter OpenVPN ssl/tls+user auth checking
Currently, we don't verify that the common name of the certificate matches the username being used for login. This means that if someone has a valid server certificate, they can then use any valid username/password combination to get into the server. This may be good for some scenarios, but in more strict environments it wouldn't be acceptable.
We should add a checkbox on the OpenVPN server configuration for this scenario to allow users to enable the more strict checks.
The auth-user-pass-verify script we have could read this setting and run the test before querying the backend authentication server.
Add backend code to verify username against cn on login if set by user. Needs GUI code to set the option yet. Ticket #887