On Wed, Apr 19, 2017 at 5:49 AM, David Woodhouse <dwmw2 at infradead.org> wrote: > On Tue, 2017-04-18 at 09:09 -0400, Sean wrote: >> Hi, >> >> Is there a way to configure the network-manager connection file to >> pass the authgroup into openconnect? > > It ought to remember the authgroup that you last used, just as it > remembers usernames. > Yes, I see that it does that on subsquent connections. It looks like that's under the [vpn-secrets] section, so I guess that's good. >> I'm interested in switching from using a shell-script wrapper to run >> openconnect as an unprivileged user to using the >> NetworkManager-Openconnect hack discussed here: >> https://bugzilla.redhat.com/show_bug.cgi?id=1218335, with PKCS#11 >> authentication. >> >> It seems that when connecting to the vpn this way, the PKCS#11 card is >> authenticated, then the GUI returns to a normal login page with an >> Auth Group drop down. If we select the group for smart card users, >> and click login the things seem to work, but it's very confusing to >> end-users. (I manage a lot of linux desktops and laptops for >> semi-linux saavy scientists). > > What happens when you select the 'smart card' authgroup? Does the > username/password prompt go away, and leave you with *only* a login > button? > Yes, it is as you describe. > I suspect there are two problems here. Firstly, perhaps it isn't > automatically switching to the remembered authgroup when initialising > the dialog... and then you're probably going to complain about the fact > that we don't auto-submit, and the user needs to manually press the > 'login' button even when all the required information is present. > There's an RFE bug for that somewhere in GNOME bugzilla already... I'm not sure "complain" is the right word for what I would do, I apologize if that's how my query came off. I do expect some of the end-users I support will require training, to ensure they're not confused the first few times they use it. That's manageable, which is good enough for me, no complaints necessary :)
