Plain Auth with PIN + OTP
Lance LeFlore
lance at 3t218.org
Thu Apr 14 13:50:46 PDT 2016
Hi,
I'm trying to configure plain auth using PIN + OTP. However, ocserv
seems to be telling me that there are too many digits in the string
I'm providing on the client (openconnect v5.02) end. Providing the OTP
without the PIN allows the user to authenticate successfully
(regardless of what's in column 3 of users.oath).
FWIW, I've also tried using a shorter (2 digit) PIN + OTP with no success.
/etc/ocserv/ocserv.conf:
...
auth = "plain[passwd=/etc/ocserv/passwd,otp=/etc/ocserv/users.oath]"
...
/etc/ocserv/users.oath:
HOTP bob 1234 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Error:
"plain-auth: OTP auth failed for 'bob': Unsupported number of OTP digits"
ocserv --version:
ocserv 0.11.1
Compiled with seccomp, tcp-wrappers, oath, gssapi, PAM, PKCS#11, AnyConnect,
GnuTLS version: 3.3.22
Thanks
More information about the openconnect-devel
mailing list