Now it's much much better :) On Mon, Feb 17, 2014 at 2:20 AM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: > On 02/16/2014 05:35 PM, Kevin Cernekee wrote: >> On Sun, Feb 16, 2014 at 7:32 AM, Nikos Mavrogiannopoulos >> <nmav at gnutls.org> wrote: >>> On 02/16/2014 10:25 AM, Steve wrote: >>>> AnyConnect iOS client, input wrong password when connect will lead to >>>> "unexpected error" after a long time(5-8s) other than reprompt user >>>> credential input. >>> What is the expected error to be sent from anyconnect servers when a >>> wrong password is sent? >> On ocserv I see a "503 Service Unavailable" response and the client gives up. >> On nearly all ASAs I see a "200 OK" HTTP response and a "Login failed" >> message. Like a login form on a website. > > It seems it was easier to fix than I though. I've now handled the same > way as PAM. The plain module allows for a number of failed attempts > before bailing out. > > regards, > Nikos >