[PATCH] request otp password always as secondary_password
Andrew Karpow
andy at ndyk.de
Wed Jun 1 10:23:48 PDT 2016
This fixes the openconnect --token-mode in conjunction with ocserv's OATH and password file.
Otherwise the openconnect client is not able to distinguish a normal password prompt from the OTP request.
Signed-off-by: Andrew Karpow <andy at ndyk.de>
---
src/auth/plain.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/auth/plain.c b/src/auth/plain.c
index 55cd1a0..2c65d8a 100644
--- a/src/auth/plain.c
+++ b/src/auth/plain.c
@@ -367,7 +367,11 @@ static int plain_auth_msg(void *ctx, void *pool, passwd_msg_st *pst)
if (pctx->pass_msg)
pst->msg_str = talloc_strdup(pool, pctx->pass_msg);
- pst->counter = 0; /* we support a single password */
+
+ if(pctx->cpass[0] == 0)
+ pst->counter = 1; /* request otp as password_secondary */
+ else
+ pst->counter = 0; /* we support a single password */
/* use the default prompt */
return 0;
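Review bot: the new test `if(pctx->cpass[0] == 0)` selects the secondary-password prompt from an empty `cpass`, not from whether an OTP is actually expected, while the subject line says the OTP is "always" requested as the secondary password. Nothing visible in this hunk checks that OTP is enabled, so an empty `cpass` without OTP would also get `counter = 1`. When `cpass` is non-empty the counter stays 0 for every prompt, which leaves it unclear how the OTP prompt is marked once both a password and an OTP are in use. Consider keying the branch on the OTP state directly, or extending the comment to say why an empty `cpass` implies an OTP prompt. The retained comment "we support a single password" in the else branch no longer describes the function as a whole and could be reworded. Style: the context line uses `if (pctx->pass_msg)` with a space after `if`, so the added `if(` should match.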
--
2.8.3