how to make ocserv do totp 2FA?

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon May 18 23:51:41 PDT 2015


On Tue, May 19, 2015 at 6:10 AM, Kevin Cernekee <cernekee at gmail.com> wrote:
>> Is that for the input type's label or the message field in config-auth
>> section?
> Label only.  AFAICT it is using the message field for display purposes
> only, not as part of the hash.

I'm wondering whether setting the label to that string or changing the
name would actually help the client. I don't think that's the case. If
you receive a second prompt for a password with the same label/name, a
pop-up would have to be brought up anyway because it is either the first
input password that is wrong, or an OTP. Also, even if ocserv
provided a unique name, it wouldn't help in the OTP case if you
remember and send both passwords in batch mode. Maybe it would make
sense to remember only the first password prompt in batch mode, and
become interactive otherwise?


