Authgroup, PKCS#11 and nm-openconnect...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 19, 2017 at 5:49 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Tue, 2017-04-18 at 09:09 -0400, Sean wrote:
>> Hi,
>>
>> Is there a way to configure the network-manager connection file to
>> pass the authgroup into openconnect?
>
> It ought to remember the authgroup that you last used, just as it
> remembers usernames.
>

Yes, I see that it does that on subsquent connections.  It looks like
that's under the [vpn-secrets] section, so I guess that's good.

>> I'm interested in switching from using a shell-script wrapper to run
>> openconnect as an unprivileged user to using the
>> NetworkManager-Openconnect hack discussed here:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1218335, with PKCS#11
>> authentication.
>>
>> It seems that when connecting to the vpn this way, the PKCS#11 card is
>> authenticated, then the GUI returns to a normal login page with an
>> Auth Group drop down.  If we select the group for smart card users,
>> and click login the things seem to work, but it's very confusing to
>> end-users.  (I manage a lot of linux desktops and laptops for
>> semi-linux saavy scientists).
>
> What happens when you select the 'smart card' authgroup? Does the
> username/password prompt go away, and leave you with *only* a login
> button?
>

Yes, it is as you describe.

> I suspect there are two problems here. Firstly, perhaps it isn't
> automatically switching to the remembered authgroup when initialising
> the dialog... and then you're probably going to complain about the fact
> that we don't auto-submit, and the user needs to manually press the
> 'login' button even when all the required information is present.
> There's an RFE bug for that somewhere in GNOME bugzilla already...

I'm not sure "complain" is the right word for what I would do, I
apologize if that's how my query came off.  I do expect some of the
end-users I support will require training, to ensure they're not
confused the first few times they use it.  That's manageable, which is
good enough for me, no complaints necessary :)



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux