Better bad password prompt?

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Feb 16 13:20:30 EST 2014


On 02/16/2014 05:35 PM, Kevin Cernekee wrote:
> On Sun, Feb 16, 2014 at 7:32 AM, Nikos Mavrogiannopoulos
> <nmav at gnutls.org> wrote:
>> On 02/16/2014 10:25 AM, Steve wrote:
>>> AnyConnect iOS client, input wrong password when connect will lead to
>>> "unexpected error" after a long time(5-8s) other than reprompt user
>>> credential input.
>> What is the expected error to be sent from anyconnect servers when a
>> wrong password is sent?
> On ocserv I see a "503 Service Unavailable" response and the client gives up.
> On nearly all ASAs I see a "200 OK" HTTP response and a "Login failed"
> message.  Like a login form on a website.

It seems it was easier to fix than I though. I've now handled the same
way as PAM. The plain module allows for a number of failed attempts
before bailing out.

regards,
Nikos




More information about the openconnect-devel mailing list