unable to use RSA SecureID on Unbuntu 14.04 LTS 64 bit

Kevin Cernekee cernekee at gmail.com
Thu Jul 17 16:43:48 PDT 2014

On Thu, Jul 17, 2014 at 4:26 PM, Mark Kolmar <mark at burningrome.com> wrote:
> The way the authentication works in AnyConnect is that I am prompted for a
> username and two passwords. The first password consists of a PIN (let's say
> 9999) plus a 6-digit token generated by stoken or RSA SecureID software on
> Windows. Let's say 123456. So the first password is like 9999123456. The 2nd
> password I think is just the Active Directory / LDAP password for the
> username. I used the token generated from stoken to connect successfully
> using AnyConnect in Windows. But I am not sure how to use these two
> passwords in OpenConnect, or whether this scenario is supported.

When you run "stoken show", what PIN mode does it report?

If you import your token seed into a mobile phone or the Windows RSA
app, does it prompt you for a PIN or does it immediately produce a
6-digit code upon launch?

I suspect that we may need to extend the stoken API to tell
openconnect that it needs to concatenate PIN + tokencode = passcode.
This is a common way of using hard tokens, but many soft tokens are
set up to generate an 8-digit tokencode that already incorporates the

> I gave up on NetworkManager-OpenConnect 0.9.10 because the GUI under Network Connections -> VPN was unavailable.

Hmm, that's not so good either.  When you linked nm-openconnect
0.9.10, was the latest libopenconnect.so.3 from the 6.00 release
already installed on your system?  Or is there a possibility that it
got built against the old libopenconnect.so.2?

More information about the openconnect-devel mailing list