Hi, I am using another vpn which is powered by offical Cisco ASA Firewall, That's prompt the username and password together. The client config was the same as the one using ocserv, plain username and password. Actually, that's service was using an one-time password and the password was transfered through the connect url, so end-user just open a website and do login stuff and finally the website redirect to the connect url as I mentioned above. The connect url contained pre-fill username and password so end-user neither need to care about the password nor input the password. But while using ocserv with plain auth mode, the connect url was not working and end-user must input the password manually. And I found the username was pre-fill ok, it becomes prompt one time for password only instead of two prompt, username and password. So I am thinking about if we send the auth form including username and password field together, the client will act pre-fill well. As I was not using the certificate auth mode, end-user need to input the password manually, that's quite annoying 2014-11-30 17:21 GMT+08:00 Nikos Mavrogiannopoulos <nmav at gnutls.org>: > On Sun, 2014-11-30 at 04:37 +0000, horsley wrote: >> I want to ask why ocserv using plain authentication response the auth xml in two >> step? >> >> first is Please enter your username > [...] >> it's still prompt for password.(username is prefill ok but password are not) >> so why not send the complete auth request including user and password in >> the xml form together? > > Hi, > If I understand what you are describing correctly, that was done in > early versions of ocserv. However, that does not tie well with PAM which > has its own prompts, which may even prompt to change a password. So the > short answer, is so that it can be integrated with PAM. > > regards, > Nikos > >
