appending OATH code to password?

Hi all,
I frequently connect to a VPN that uses TOTP-based 2FA. The TOTP code 
*must* be entered by appending it to the user-entered password.

From the command line I can jury-rig a way to do this:

# (echo -n MYPASSWORD; oathtool --totp TOTP_SECRET) | openconnect -u USERNAME vpn-gateway.client.com --passwd-on-stdin

Per the cstp_can_gen_tokencode() function 
(http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/auth.c#l873), 
OpenConnect generates OATH TOTP/HOTP codes *only* in response to a form 
field named secondary_password, and generates SecurID codes *only* in 
response to a form field named "password" or "answer".

I think it'd be useful to offer an option to customize the form field that 
receives OATH or SecurID code, perhaps including the option to append the 
token to another field.

I'm imagining something like this, where --token-field=+password means: 
append the token to the "password" field.

# openconnect -u USERNAME vpn-gateway.client.com --token-mode=totp --token-secret=TOTP_SECRET \
    --token-field=+password

If this would be a desirable feature, I'll take a crack at writing a patch 
for it.

Thanks,
Dan Lenski
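
An added example, not part of the original message or of OpenConnect: a small helper that produces the password with the TOTP code appended for `openconnect --passwd-on-stdin`, while keeping the password and the TOTP secret out of the process argument list. The function names and the SECRET_FILE argument are assumptions; the secret file holds the key in hex, the encoding oathtool takes by default.

```python
#!/usr/bin/env python3
"""Print PASSWORD+TOTP on one line for `openconnect --passwd-on-stdin`."""
import getpass
import hashlib
import hmac
import struct
import sys
import time


def totp(key: bytes, now: float, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, 30 s step (the oathtool --totp defaults)."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros


def password_with_token(password: str, hex_secret: str, now: float) -> str:
    """Append the current code to the password, as the gateway expects."""
    key = bytes.fromhex(hex_secret.strip())
    return password + totp(key, now)


def main(argv):
    if len(argv) != 2:
        sys.exit(f"usage: {argv[0]} SECRET_FILE | openconnect ... --passwd-on-stdin")
    with open(argv[1]) as fh:  # only the file path appears on the command line
        hex_secret = fh.read()
    # getpass reads from the controlling terminal, so stdout can be a pipe
    password = getpass.getpass("VPN password: ")
    print(password_with_token(password, hex_secret, time.time()))


if __name__ == "__main__":
    main(sys.argv)
```

The output is piped into openconnect in place of the `(echo -n ...; oathtool ...)` subshell; the secret file should be readable only by its owner.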