password request loop

David Woodhouse dwmw2 at infradead.org
Wed May 16 02:51:40 EDT 2012


On Tue, 2012-05-15 at 18:05 -0700, Jeffrey May wrote:
> Is there a way to tell openconnect to just fail if a user enters the
> wrong password instead of re-prompting?  I want to pass in the
> password via stdin (--passwd-on-stdin) using a script or web page
> (some front-end UI) and have openconnect immediately fail if the
> password is wrong and return an error code.  

Hm, isn't this what commit 54a9bae8 does? 
http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/54a9bae8

> Instead openconnect prompts for the password repeatedly.  I've tried
> the --non-inter option but that disabled passing the password via
> stdin.

Sounds like a bug. Quick test... it accepts the password, then doesn't
*use* it, right? Saying "Asked for password but '--no-passwd' set".

I'll fix that. Probably in a few hours when I am baby-free. Patches
welcome.

>   Or is there a better way to provide a front-end UI?  Thanks.

In the general case? Yes, absolutely. You shouldn't be assuming that
it's just username and password. The server can present arbitrary web
forms, and they can be different every time. If you want to do an
authentication mechanism that's useful for everyone, rather than just
your own server that you *know* does just username/password, then you
probably ought to be using the libopenconnect library to obtain your
cookie first (in the user's session), and then handing the cookie to
openconnect to make the actual connection.

-- 
dwmw2
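
The two-phase flow suggested above (obtain the cookie first, then hand it to openconnect), as an added example that is not part of the original message or the openconnect project. It uses the command-line `--cookieonly` and `--cookie-on-stdin` options in place of libopenconnect, so it only fits a server known to ask for just username and password; the function names and the `OPENCONNECT` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: one-shot login for a front-end. Password and cookie travel
# over stdin only, so neither appears in the process list.
# OPENCONNECT is a hypothetical override so the binary can be swapped out.
OPENCONNECT="${OPENCONNECT:-openconnect}"

# Phase 1: authenticate only. The password is read from this function's
# stdin by openconnect itself; the cookie comes back on stdout.
# Returns 1 if openconnect fails, 2 if it exits cleanly with no cookie.
get_cookie() {
    server=$1
    user=$2
    cookie=$("$OPENCONNECT" --cookieonly --passwd-on-stdin \
                 --user "$user" "$server" 2>/dev/null) || return 1
    [ -n "$cookie" ] || return 2
    printf '%s\n' "$cookie"
}

# Phase 2: make the actual connection using the cookie from phase 1.
connect_with_cookie() {
    server=$1
    cookie=$2
    printf '%s\n' "$cookie" | "$OPENCONNECT" --cookie-on-stdin "$server"
}

# Front-end entry point: a single attempt, reported as an exit status.
# Usage: printf '%s\n' "$password" | vpn_login SERVER USER
vpn_login() {
    server=$1
    user=$2
    cookie=$(get_cookie "$server" "$user") || {
        echo "authentication failed" >&2
        return 1
    }
    connect_with_cookie "$server" "$cookie"
}
```

Phase 2 needs the privileges to set up the tunnel device, while phase 1 can run unprivileged in the user's session.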