[PATCH v2 2/2] documentation for the new --token-field option

[Dan Lenski]

Signed-off-by: Dan Lenski <dlenski at gmail.com>
---
 openconnect.8.in | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/openconnect.8.in b/openconnect.8.in
index eee716f..ae4d0b6 100644
--- a/openconnect.8.in
+++ b/openconnect.8.in
@@ -59,6 +59,7 @@ openconnect \- Connect to Cisco AnyConnect VPN
 .OP \-\-passwd\-on\-stdin
 .OP \-\-token\-mode mode
 .OP \-\-token\-secret {secret\fR[\fI,counter\fR]|@\fIfile\fR}
+.OP \-\-token\-field [+]FIELD
 .OP \-\-reconnect\-timeout
 .OP \-\-resolve host:ip
 .OP \-\-servercert sha1
@@ -456,6 +457,25 @@ If this option is omitted, and \-\-token\-mode is
 .B ~/.stokenrc
 by the "stoken import" command.
 .TP
+.B \-\-token\-field=[+]FIELD
+The form field in which the one-time password/code should be inserted.
+By default, RSA SecurID codes are inserted into password fields named
+.B password
+or
+.BR answer ,
+while OATH-based codes are inserted into password fields named
+.BR secondary_password .
+
+With a leading
+.IR + ,
+the named field will hold the user's password, along with the one-time
+code appended to it. For example, with
+.B --token-field=+passcode
+a form field named
+.B passcode
+will receive the user's password and the one-time code concatenated
+together.
+.TP
 .B \-\-reconnect\-timeout
 Keep reconnect attempts until so much seconds are elapsed. The default
 timeout is 300 seconds, which means that openconnect can recover
-- 
2.5.0