reverse password and secondary_password?

Dave Walker email at daviey.com
Mon Jan 29 07:07:56 PST 2018


Hi,

I'm trying to connect to a VPN, which uses RSA.

I'm trying to connect with a variant of this command:
echo ${PASSWORD} | openconnect "${SERVER}" --authgroup ${GROUP} -u
"${USER}" --token-mode rsa

This provides a non-functional:
</opaque><auth><username>USERNAME</username><password>RSATOKEN</password><secondary_password>PASSWORD</secondary_password></auth><group-select>GROUP</group-select></config-auth>

However, if I do it via hand I am able to login:
</opaque><auth><username>USERNAME</username><password>PASSWORD</password><secondary_password>RSATOKEN</secondary_password></auth><group-select>GROUP</group-select></config-auth>

The password and secondary_password are reversed.

On this page it states the ordering:
http://www.infradead.org/openconnect/token.html

"SecurID token codes will automatically fill in the primary password
field in the authentication form presented by the server" ..  "This
behaviour is empirically determined by the requirements of the servers
that we have tested with; if you find a configuration in which it is
not appropriate, please let us know."

This mail is letting you know... is there a workaround?

--
Kind Regards,
Dave Walker



More information about the openconnect-devel mailing list