On Tue, May 19, 2015 at 6:10 AM, Kevin Cernekee <cernekee at gmail.com> wrote: >> Is that for the input type's label or the message field in config-auth >> section? > Label only. AFAICT it is using the message field for display purposes > only, not as part of the hash. I'm wondering whether setting the label to that string or changing the name would actually help the client. I don't think that's the case. If you receive a second prompt for a password with the same label/name a pop up would have to be brought anyway because it is either the first input password that is wrong, or an otp. Also, even if ocserv would provide a unique name, it wouldn't help in the otp case if you remember and send both passwords in batch mode. Maybe it would make sense to remember only the first password prompt in batch mode, and become interactive otherwise?
