how to make ocserv do totp 2FA?

David Woodhouse dwmw2 at infradead.org
Tue May 19 07:31:27 PDT 2015


On Tue, 2015-05-19 at 08:51 +0200, Nikos Mavrogiannopoulos wrote:
> On Tue, May 19, 2015 at 6:10 AM, Kevin Cernekee <cernekee at gmail.com> wrote:
> > > Is that for the input type's label or the message field in config-auth
> > > section?
> > Label only.  AFAICT it is using the message field for display purposes
> > only, not as part of the hash.
> 
> I'm wondering whether setting the label to that string or changing the
> name would actually help the client. I don't think that's the case. If
> you receive a second prompt for a password with the same label/name a
> pop up would have to be brought anyway because it is either the first
> input password that is wrong, or an otp. Also, even if ocserv would
> provide a unique name, it wouldn't help in the otp case if you
> remember and send both passwords in batch mode. Maybe it would make
> sense to remember only the first password prompt in batch mode, and
> become interactive otherwise?

Remember, if we can *recognise* an OTP prompt, we can automatically
fill in the OTP too. It doesn't have to be interactive.


-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation
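
The two ideas in this message, sending the remembered password only for the first prompt in batch mode and automatically filling a prompt that can be recognised as OTP, shown together as an added Python example; it is not code from OpenConnect or ocserv. The field dictionaries, the label markers and the sample forms are assumptions made for illustration, since the thread does not say what label a server would send.

```python
import hashlib
import hmac
import struct
import time

def totp(secret: bytes, now=None, step=30, digits=6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) using RFC 4226 dynamic truncation."""
    counter = int((time.time() if now is None else now) // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Hypothetical label markers (assumption, not taken from any server).
OTP_MARKERS = ("otp", "token", "verification code")

def is_otp_prompt(field: dict) -> bool:
    label = field.get("label", "").lower()
    return field.get("type") == "password" and any(m in label for m in OTP_MARKERS)

def fill_batch(forms, password, secret, now=None):
    """Answer successive auth forms without user interaction.

    Returns (answers, needs_user). The stored password is sent only for the
    first password prompt; recognised OTP prompts get a fresh TOTP code; any
    other repeated password prompt is left for an interactive pop-up.
    """
    answers, password_used = [], False
    for form in forms:
        for field in form:
            if field.get("type") != "password":
                continue
            if is_otp_prompt(field):
                answers.append((field["name"], totp(secret, now)))
            elif not password_used:
                answers.append((field["name"], password))
                password_used = True
            else:
                return answers, True  # wrong password or unrecognised OTP prompt
    return answers, False

# Constructed sample forms; names and labels are made up for illustration.
LABELLED = [[{"name": "password", "type": "password", "label": "Password:"}],
            [{"name": "password", "type": "password", "label": "OTP:"}]]
UNLABELLED = [[{"name": "password", "type": "password", "label": "Password:"}],
              [{"name": "password", "type": "password", "label": "Password:"}]]

if __name__ == "__main__":
    print(fill_batch(LABELLED, "stored-password", b"12345678901234567890", now=59))
    print(fill_batch(UNLABELLED, "stored-password", b"12345678901234567890", now=59))
```

With the second prompt labelled distinctly, both answers are produced non-interactively; with two identical labels the client cannot tell a rejected password from an OTP request and has to fall back to asking the user.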

More information about the openconnect-devel mailing list