On 12 December 2019 02:45:43 GMT, Joerg Mayer <jmayer@xxxxxxxxx> wrote: >Hello, > >every N days, openconnect fails because after entering my credentials, >I'd need to change my password, which is not supported in openconnect: > ># openconnect --passwd-on-stdin --printcookie --background >--protocol=nc --user=<user> --resolve=<host>:<ip> --servercert >pin-sha256:<servercerthash> https://<host>/<group> >GET https://<host>/<group> >Connected to <ip>:443 >SSL negotiation with <host> >Server certificate verify failed: signer not found >Connected to HTTPS on <host> >Got HTTP response: HTTP/1.1 302 Found >GET https://<host>/dana-na/auth/url_IdCusHyh0Dq3HApz/welcome.cgi >SSL negotiation with <host> >Server certificate verify failed: signer not found >Connected to HTTPS on <host> >frmLogin >password#2: >POST https://<host>/dana-na/auth/url_IdCusHyh0Dq3HApz/login.cgi >Got HTTP response: HTTP/1.1 302 Moved >GET >https://<host>/dana-na/auth/url_IdCusHyh0Dq3HApz/welcome.cgi?p=passwordChange&stateId=state_598a2539f8f54058a3be22394a409ec6&type=2 >Unknown form ID 'frmChgPasswd' >Dumping unknown HTML form: ><form id="frmChgPasswd_5" autocomplete="off" method="post" >name="frmChgPasswd" action="welcome.cgi"> > <table id="table_PasswordChange_3"> > <input id="username_17" type="hidden" name="username" value="dkx89om"> > <input id="authserver_7" type="hidden" name="authserver" value="3"> > <input id="realmId_7" type="hidden" name="realmId" value="3"> > <input id="p_12" type="hidden" name="p" value="passwordChange"> ><input id="stateId_5" type="hidden" name="stateId" >value="state_598a2539f8f54058a3be22394a409ec6"> > <tr> > <td colspan="2"> </td> > </tr> > <tr> > <td>Old Password</td> ><td><input id="oldPassword_3" type="password" name="oldPassword" >size="20"></td> > <td> </td> > <td> </td> > </tr> > <tr> > <td>New Password</td> ><td><input id="newPassword_3" type="password" size="20" >name="newPassword"></td> > <td> </td> > <td> </td> > </tr> > <tr> > <td>Confirm Password</td> ><td><input id="confirmPassword_3" type="password" size="20" >name="confirmPassword"></td> > <td> </td> > <td> </td> > </tr> > <tr> > <td> </td> ><td><input id="passwordChange_3" type="submit" name="passwordChange" >value="Change Password"></td> > <td> </td> > <td> </td> > </tr> > </table> > </form>Failed to obtain WebVPN cookie > >Password2 is an OTP. > >With older versions of openconnect, I would rerun my wrapper script in >interactive mode and change my password. Looks like this stopped >working. >Please note that this was not necessariliy caused by an openconnect >change >but may have been caused by an update of the serversoftware which >occurred >as well since I was last required to change my password. > >Is there a way to properly handle password change requests in >openconnect? >A workaround is simple enough - connect via browser and change the >password, >but a native solution would be preferred :-) Does it work if you use --protocol=pulse? I have a vague recollection of staring at it and at least *intending* to implement that. And it's probably easier than more vile HTML screen-scraping. For NC I really would like OpenConnect to be able to use a WebView and not be so limited to the standard forms. It would make a good GSoC or similar project. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
