Mixed up password/secondary_password

David Woodhouse dwmw2 at infradead.org
Sat Jun 4 02:24:27 PDT 2016


On Sat, 2016-06-04 at 18:17 +1000, Kadrach wrote:
> 
> Watching the dumped http traffic, I can see that openconnect posts the
> one-time token in the password field, and my "main" password in the
> secondary password field.

Hm, it looks like all previous users have had that the other way
round... or maybe have had *only* a tokencode in the 'password' field.

If the latter, we can maybe cope with that by putting it in the
secondary_password field if that exists, or in the password field if
not. Otherwise, we might have to introduce a config option.

Kevin?

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160604/6e923375/attachment.bin>


More information about the openconnect-devel mailing list