Better bad password prompt?
Steve
steve at thupdi.net
Sun Feb 16 13:42:35 EST 2014
Now it's much much better :)
On Mon, Feb 17, 2014 at 2:20 AM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On 02/16/2014 05:35 PM, Kevin Cernekee wrote:
>> On Sun, Feb 16, 2014 at 7:32 AM, Nikos Mavrogiannopoulos
>> <nmav at gnutls.org> wrote:
>>> On 02/16/2014 10:25 AM, Steve wrote:
>>>> AnyConnect iOS client, input wrong password when connect will lead to
>>>> "unexpected error" after a long time(5-8s) other than reprompt user
>>>> credential input.
>>> What is the expected error to be sent from anyconnect servers when a
>>> wrong password is sent?
>> On ocserv I see a "503 Service Unavailable" response and the client gives up.
>> On nearly all ASAs I see a "200 OK" HTTP response and a "Login failed"
>> message. Like a login form on a website.
>
> It seems it was easier to fix than I though. I've now handled the same
> way as PAM. The plain module allows for a number of failed attempts
> before bailing out.
>
> regards,
> Nikos
>
More information about the openconnect-devel
mailing list