On Thu, 2013-03-07 at 18:39 -0500, John Morrissey wrote:
> The patch below adds TOTP (RFC6238) one-time password support to
> OpenConnect.

Thanks. This looks good. I'll look over it a bit more carefully in the
morning.

> A couple notes:
>
> - I changed some of the CLI options and vpninfo structure members to make
>   the use of "stoken" (as in libstoken) vs "software token" a bit less
>   ambiguous. --stoken is still accepted on the command line for backwards
>   compatibility.

That seems to make sense.

> - openconnect_set_stoken_mode no longer accepts the use_stoken argument
>   and instead always tries to initialize libstoken when called. This
>   makes sense in openconnect(8), but I'm not sure how much of a concern
>   this API change is for upstream consumers of libopenconnect. I also
>   wasn't sure how to account for this in libopenconnect.map.in.

You can't account for it. It's an ABI break and it would take us to
libopenconnect.so.3. I'd like to avoid this change, if possible.

Admittedly, I don't think anyone is *using* the existing functions from
a GUI; I certainly haven't seen any NetworkManager-openconnect patches
go by which implement stoken support there. But that isn't really the
point. There are consumers of this library that I *don't* keep a close
eye on, like kde-plasma-networkmanagement and Shimo.

> Other than that, I think it does what it says on the box. It builds when
> libstoken (only) is present, libstoken and liboath are both present, and
> when neither library is present. I don't have a SecureID installation to
> actually test with, but the code changes to the libstoken path are minimal,
> so I think they're OK.

I've already received complaints about the way that stoken support is
automatically built if libstoken is present, and silently omitted if
not. It would be nice to have a --disable-oath argument to configure:
http://www.gentoo.org/proj/en/qa/automagic.xml

-- 
dwmw2