I do not believe it is much difficult. I also do not believe I am going to work on something like that, but if there is an MR I will certainly review it. On January 15, 2020 10:44:29 AM UTC, Florian Domain <domain.florian@xxxxxxxxx> wrote: >Hi, > >Indeed, it works with a passcode entry. However the push notification >on mobile device is really nice for the user experience. >How difficult would it be to move ocserv's security module to a >multi-threaded architecture ? Is it a complete rework ? > >I'm also getting in touch with a DUO software engineer to grab more >info on this issue. > >Regards, > >Florian D. > >Le mar. 14 janv. 2020 à 09:04, Nikos Mavrogiannopoulos ><n.mavrogiannopoulos@xxxxxxxxx> a écrit : >> >> On Mon, Jan 13, 2020 at 4:55 PM Florian Domain ><domain.florian@xxxxxxxxx> wrote: >> > >> > Hi Nikos, >> > >> > Thanks for your reply. >> > >> > I did some tests with two users trying to connect at the same time, >> > and ocserv is not blocking at username/password/LDAP stages, but >only >> > when duo has sent its notification to user's device. So as you >said, >> > it may be a limitation of the duo PAM module. >> >> Interesting. Seeing the log it may be that this module blocks until a >> response has been received off-the-line. That means that ocserv's >> architecture of co-routines for PAM cannot really accommodate it for >> multiple users. The module itself can be changed to ask for a user >> confirmation on PIN entry similarly to asking for a password but >> accepting any input (inconvenient but it will allow multiple users to >> login), or alternatively ocserv's security module could be moved to a >> multi-threaded architecture (for PAM only or for all requests). >> >> regards, >> Nikos -- Sent from my mobile. Please excuse my brevity. _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
