openconnect stoken support not working properly with our form
Andy Wang
dopey at moonteeth.com
Mon Nov 13 12:15:15 PST 2017
On Mon, Nov 13, 2017 at 12:22 PM, Kevin Cernekee <cernekee at gmail.com> wrote:
> The PIN and timestamp are the two main factors (assuming you don't
> have a bunch of different token seeds / rc files lying around).
>
> The PIN will only affect 4 digits of the tokencode:
>
> $ stoken --force --pin 0000 ; stoken --force --pin 9999
> 83862206
> 83861195
>
> If it helps, you can modify the openconnect code to print out the time
> being passed to the library, and simulate it from the command line
> like this:
>
> $ stoken --force --pin 0000 --use-time=`date +%s`
> 20276056
I tried adding:
+ fprintf(stderr,"%d %s %s\n",vpninfo->token_time,
vpninfo->stoken_pin, tokencode);
to do_gen_stoken_code and got the following output (token redacted):
1510603286 (null) <token>
running stoken --force --use-time=1510603286
and I get a totally different value.
There's only a single stokenrc file. I have a pin 0000 saved in the
stokenrc file.
Thanks,
Andy
More information about the openconnect-devel
mailing list