My employer is migrating away from certificate authentication, and for some vpn groups, wants to use two factor authentication. Anyconnect apparently supports the notion of a "secondary password", and we've configured the first password to check our active directory, and the second to use a radius server which validates codes from our vasco digipass tokens. The login form in this situation looks like this: <banner></banner> <message>Please enter your username and password.</message> <form method="post" action="/+webvpn+/index.html"> <input type="text" name="username" label="Username:" /> <input type="password" name="password" label="Password:" /> <input type="password" name="secondary_password" label="Password:" second-auth="1" /> <input type="hidden" name="tgroup" value="SII-PRIV" /> <input type="submit" name="Login" value="Login" /> <input type="reset" name="Clear" value="Clear" /> </form> I managed to get something that works, but it's a bit ugly, and I was curious if anyone has ideas on how this scenario should be handled in a more generic fashion. Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: openconnect-two-passwords.diff Type: text/x-diff Size: 1739 bytes Desc: URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20100922/ad468ce7/attachment.bin>