On Fri, Jan 10, 2020 at 1:30 PM Florian Domain <domain.florian@xxxxxxxxx> wrote: > > Hi all, > > We're using ocserv with 2 factor authentication (LDAP and Duo, very > similar to what is described here > https://ocserv.gitlab.io/www/recipes-ocserv-2fa.html#Duo). > > I found out that on a single ocserv server, when a login process is in > progress for a user and waiting for Duo user's approval on a > smartphone, ocserv is not able to handle a second user authentication > during this period, and it has to wait for the first authentication to > end. > Login process for this 2nd user will never prompt and the connection > will just be aborted after a few seconds. Do you have some debugging output of that case, i.e., two users trying to connect and one stalling for long? It could be that this is a limitation of the PAM handling in duo or so rather than ocserv. > Has anyone experienced a similar issue ? Is it due to ocserv design ? > Maybe not allowing parallelism in user authentication ? A single process is handling authentication and there are certain limitations in auth b/w due to that, but it is not blocking in any way waiting for user input. Once input is necessary it requests for it, and context switches to the next user. regards, Nikos _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
