On Mon, 2015-05-18 at 13:13 -0700, Kevin Cernekee wrote: > BTW you'll probably want to make sure something in the login form > (e.g. the password prompt) distinguishes between the alphanumeric > password entry and the OTP entry. Both for user interaction reasons, > and because OpenConnect wants to be able to uniquely identify each > form field in order to save passwords locally. That cannot be really done with PAM, or I can't think of a simple way to do it. You only get prompts with a message, and you don't know if PAM asks the same password again or a new one. What may be distinct in the form that ocserv sends is the <message/> field. regards, Nikos
