how to make ocserv do totp 2FA?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon May 18 13:17:55 PDT 2015
On Mon, 2015-05-18 at 13:13 -0700, Kevin Cernekee wrote:
> BTW you'll probably want to make sure something in the login form
> (e.g. the password prompt) distinguishes between the alphanumeric
> password entry and the OTP entry. Both for user interaction reasons,
> and because OpenConnect wants to be able to uniquely identify each
> form field in order to save passwords locally.
That cannot be really done with PAM, or I can't think of a simple way to
do it. You only get prompts with a message, and you don't know if PAM
asks the same password again or a new one. What may be distinct in the
form that ocserv sends is the <message/> field.
regards,
Nikos