Plain Auth with PIN + OTP

Lance LeFlore lance at
Thu Apr 14 13:50:46 PDT 2016


I'm trying to configure plain auth using PIN + OTP. However, ocserv
seems to be telling me that there are too many digits in the string
I'm providing on the client (openconnect v5.02) end. Providing the OTP
without the PIN allows the user to authenticate successfully
(regardless of what's in column 3 of users.oath).

FWIW, I've also tried using a shorter (2 digit) PIN + OTP with no success.

auth = "plain[passwd=/etc/ocserv/passwd,otp=/etc/ocserv/users.oath]"

HOTP bob 1234 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

"plain-auth: OTP auth failed for 'bob': Unsupported number of OTP digits"

ocserv --version:
ocserv 0.11.1

Compiled with seccomp, tcp-wrappers, oath, gssapi, PAM, PKCS#11, AnyConnect,
GnuTLS version: 3.3.22


More information about the openconnect-devel mailing list