VPN gateway requests two passwords.

[Chaskiel Grundman]

> Any chance of pointing the Cisco client at a normal web server with this
> kind of form on it, so we can tweak the form and see what the client
> does? Maybe we can work out the logic that way?
I have done some of this testing.

input elements with second-auth="1" are not displayed if a select with 
name="group_list" is found. If either condition is not met, the elements 
are displayed. (the noaaa attribue does not have any visible effect). When 
the client POSTS, it includes those parameters with empty values.

(I have additionally found that it recognizes name="username", 
name="password", name="secondary_username", name="secondary_password", and 
name="group_list". When it finds an element with one of those names, it 
uses a fixed label, not the one provided, for those elements. I presume 
this is done for localization purposes)