openconnect stoken support not working properly with our form

Andy Wang dopey at
Mon Nov 13 12:15:15 PST 2017

On Mon, Nov 13, 2017 at 12:22 PM, Kevin Cernekee <cernekee at> wrote:
> The PIN and timestamp are the two main factors (assuming you don't
> have a bunch of different token seeds / rc files lying around).
> The PIN will only affect 4 digits of the tokencode:
> $ stoken --force --pin 0000 ; stoken --force --pin 9999
> 83862206
> 83861195
> If it helps, you can modify the openconnect code to print out the time
> being passed to the library, and simulate it from the command line
> like this:
> $ stoken --force --pin 0000 --use-time=`date +%s`
> 20276056

I tried adding:
+       fprintf(stderr,"%d %s %s\n",vpninfo->token_time,
vpninfo->stoken_pin, tokencode);
to do_gen_stoken_code and got the following output (token redacted):
1510603286 (null) <token>
running stoken --force --use-time=1510603286
and I get a totally different value.

There's only a single stokenrc file.  I have a pin 0000 saved in the
stokenrc file.


More information about the openconnect-devel mailing list