how to make ocserv do totp 2FA?
Kevin Cernekee
cernekee at gmail.com
Mon May 18 21:10:55 PDT 2015
On Mon, May 18, 2015 at 2:29 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On Mon, 2015-05-18 at 14:16 -0700, Kevin Cernekee wrote:
>
>> > Yes, and that's what you'll see in the message field. Maybe I could hash
>> > that thing, and give a form 'name' that depends on that, but that would
>> > be harder to interpret when the reply is sent.
>> OpenConnect on Android already computes a hash that includes each form
>> label, so it can remember different passwords for account password vs.
>> OTP. It won't send the user's "Password:" password in response to a
>> "One-time password (OATH) for `username':" prompt.
>
> Is that for the input type's label or the message field in config-auth
> section?
Label only. AFAICT it is using the message field for display purposes
only, not as part of the hash.
More information about the openconnect-devel
mailing list