reverse password and secondary_password?
Dave Walker
email at daviey.com
Mon Jan 29 07:07:56 PST 2018
Hi,
I'm trying to connect to a VPN, which uses RSA.
I'm trying to connect with a variant of this command:
echo ${PASSWORD} | openconnect "${SERVER}" --authgroup ${GROUP} -u
"${USER}" --token-mode rsa
This provides a non-functional:
</opaque><auth><username>USERNAME</username><password>RSATOKEN</password><secondary_password>PASSWORD</secondary_password></auth><group-select>GROUP</group-select></config-auth>
However, if I do it via hand I am able to login:
</opaque><auth><username>USERNAME</username><password>PASSWORD</password><secondary_password>RSATOKEN</secondary_password></auth><group-select>GROUP</group-select></config-auth>
The password and secondary_password are reversed.
On this page it states the ordering:
http://www.infradead.org/openconnect/token.html
"SecurID token codes will automatically fill in the primary password
field in the authentication form presented by the server" .. "This
behaviour is empirically determined by the requirements of the servers
that we have tested with; if you find a configuration in which it is
not appropriate, please let us know."
This mail is letting you know... is there a workaround?
--
Kind Regards,
Dave Walker
More information about the openconnect-devel
mailing list