about AUTHENTICATION mode plain

lee horsley imhorsley at gmail.com
Sun Nov 30 03:53:15 PST 2014

I am using another vpn which is powered by offical Cisco ASA Firewall,
That's prompt the username and password  together. The client config was
the same as the one using ocserv, plain username and password.

Actually, that's service was using an one-time password and the password
was transfered through the connect url, so end-user just open a website and
do login stuff and finally the website redirect to the connect url as
I mentioned
above. The connect url contained pre-fill username and password so end-user
neither need to care about the password nor input the password.

But while using ocserv with plain auth mode, the connect url was not working
and end-user must input the password manually. And I found the username was
pre-fill ok, it becomes prompt one time for password only instead of two prompt,
username and password. So I am thinking about if we send the auth form
including username and password field together, the client will act
pre-fill well.

As I was not using the certificate auth mode, end-user need to input
the password
manually, that's quite annoying

2014-11-30 17:21 GMT+08:00 Nikos Mavrogiannopoulos <nmav at gnutls.org>:
> On Sun, 2014-11-30 at 04:37 +0000, horsley wrote:
>> I want to ask why ocserv using plain authentication response the auth xml in two
>> step?
>> first is Please enter your username
> [...]
>> it's still prompt for password.(username is prefill ok but password are not)
>> so why not send the complete auth request including user and password in
>> the xml form together?
> Hi,
>  If I understand what you are describing correctly, that was done in
> early versions of ocserv. However, that does not tie well with PAM which
> has its own prompts, which may even prompt to change a password. So the
> short answer, is so that it can be integrated with PAM.
> regards,
> Nikos

More information about the openconnect-devel mailing list