Hi, On Tue, Aug 07, 2018 at 08:59:37PM +0200, Gert Doering wrote: > > v2: Depends on the base64 export patch > > v3: match password string with "SCRV1:" instead of "SCRV1" > > (pointed out by Joe Bell <[email protected]>) > > Nicely works and does what it says on the lid. So...
Talking to myself a lot, lately...
Found an interesting caveat which should be addressed, I think.
Our system (LinOTP) knows "PIN+OTP" or "PIN" as valid input, the
latter leading to "send me a token by SMS/e-mail/...".
If I press return at the challenge prompt, it seems the SCRV1: string
is not formed the way the plugin wants it, and I end up with
pass=SCRV1%3AMTE5NQ%3D%3D
in the LinOTP URL - so, it didn't decode it, because the second ':'
was missing (if I put a blank in there, I get pass=mypin%20).
Is this intentional? Should it be that way?
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
