how to make ocserv do totp 2FA?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2015-05-19 at 08:51 +0200, Nikos Mavrogiannopoulos wrote:
> On Tue, May 19, 2015 at 6:10 AM, Kevin Cernekee <cernekee at gmail.com> wrote:
> > > Is that for the input type's label or the message field in config-auth
> > > section?
> > Label only.  AFAICT it is using the message field for display purposes
> > only, not as part of the hash.
> 
> I'm wondering whether setting the label to that string or changing the
> name would actually help the client. I don't think that's the case. If
> you receive a second prompt for a password with the same label/name a
> pop up would have to be brought anyway because it is either the first
> input password that is wrong, or an otp. Also, even if ocserv would
> provide a unique name, it wouldn't help in the otp case if you
> remember and send both passwords in batch mode. Maybe it would make
> sense to remember only the first password prompt in batch mode, and
> become interactive otherwise?

Remember, if we can *recognise* an OTP prompt, we can automatically
fill in the OTP too. It doesn't have to be interactive.


-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150519/322a13c3/attachment.bin>


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux