On Thu, Jul 17, 2014 at 4:26 PM, Mark Kolmar <mark at burningrome.com> wrote:
> The way the authentication works in AnyConnect is that I am prompted for a
> username and two passwords. The first password consists of a PIN (let's say
> 9999) plus a 6-digit token generated by stoken or RSA SecurID software on
> Windows. Let's say 123456. So the first password is like 9999123456. The 2nd
> password I think is just the Active Directory / LDAP password for the
> username. I used the token generated from stoken to connect successfully
> using AnyConnect in Windows. But I am not sure how to use these two
> passwords in OpenConnect, or whether this scenario is supported.

When you run "stoken show", what PIN mode does it report? If you import
your token seed into a mobile phone or the Windows RSA app, does it prompt
you for a PIN or does it immediately produce a 6-digit code upon launch?

I suspect that we may need to extend the stoken API to tell openconnect
that it needs to concatenate PIN + tokencode = passcode. This is a common
way of using hard tokens, but many soft tokens are set up to generate an
8-digit tokencode that already incorporates the PIN.

> I gave up on NetworkManager-OpenConnect 0.9.10 because the GUI under
> Network Connections -> VPN was unavailable.

Hmm, that's not so good either. When you linked nm-openconnect 0.9.10, was
the latest libopenconnect.so.3 from the 6.00 release already installed on
your system? Or is there a possibility that it got built against the old
libopenconnect.so.2?