On Tue, 2015-05-19 at 08:51 +0200, Nikos Mavrogiannopoulos wrote: > On Tue, May 19, 2015 at 6:10 AM, Kevin Cernekee <cernekee at gmail.com> wrote: > > > Is that for the input type's label or the message field in config-auth > > > section? > > Label only. AFAICT it is using the message field for display purposes > > only, not as part of the hash. > > I'm wondering whether setting the label to that string or changing the > name would actually help the client. I don't think that's the case. If > you receive a second prompt for a password with the same label/name a > pop up would have to be brought anyway because it is either the first > input password that is wrong, or an otp. Also, even if ocserv would > provide a unique name, it wouldn't help in the otp case if you > remember and send both passwords in batch mode. Maybe it would make > sense to remember only the first password prompt in batch mode, and > become interactive otherwise? Remember, if we can *recognise* an OTP prompt, we can automatically fill in the OTP too. It doesn't have to be interactive. -- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150519/322a13c3/attachment.bin>
