Hi, On Tue, Aug 07, 2018 at 03:38:43PM -0400, Selva Nair wrote: > > If I press return at the challenge prompt, it seems the SCRV1: string > > is not formed the way the plugin wants it, and I end up with > > > > pass=SCRV1%3AMTE5NQ%3D%3D > > How to format this if response is empty is not clearly documented > but my impression was that the second ':' (%3A) is required. > > management-notes.txt specifies the format as > > password "Auth" "SCRV1:<BASE64_PASSWORD>:<BASE64_RESPONSE>"
OK, so something is bugged, and it seems it's not the plugin.
> When password is read from stdin, its formatted as (from misc.c line 358)
>
> buf_printf(&packed_resp, "SCRV1:%s:%s", pw64, resp64);
>
> So that should also contain the second colon.
This is a bit surprising. So "something" is eating it between
"openvpn command line client", "openvpn server" and "plugin-auth-pam".
Interesting.
> > in the LinOTP URL - so, it didn't decode it, because the second ':'
> > was missing (if I put a blank in there, I get pass=mypin%20).
> >
> > Is this intentional? Should it be that way?
>
> If you are constructing the SCRV1: line using a custom UI,
> I would suggest to add the second colon. If using Windows-GUI or running
> OpenVPN from command line we'll need to fix this one place
> or the other.
Command line client (git:master/5961250e776194a4, what I happened to
have lying around), run with a config file that has
auth-user-pass
auth-nocache
auth-retry interact
static-challenge "token value: " 1
in it, and pressing <return> at the
CHALLENGE: token value: _
prompt.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
