how to make ocserv do totp 2FA?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon May 18 14:29:44 PDT 2015
On Mon, 2015-05-18 at 14:16 -0700, Kevin Cernekee wrote:
> > Yes, and that's what you'll see in the message field. Maybe I could hash
> > that thing, and give a form 'name' that depends on that, but that would
> > be harder to interpret when the reply is sent.
> OpenConnect on Android already computes a hash that includes each form
> label, so it can remember different passwords for account password vs.
> OTP. It won't send the user's "Password:" password in response to a
> "One-time password (OATH) for `username':" prompt.
Is that for the input type's label or the message field in config-auth
section?
More information about the openconnect-devel
mailing list