Hi,

On Thu, Feb 8, 2018 at 2:21 PM, blz <blz.mar...@gmail.com> wrote:
> On 2/7/2018 13:00 PM, Selva Nair wrote:
>
> One way for the GUI to handle the current situation is to not take the first
> AUTH_FAILED seriously (i.e. keep the saved password) when auth-token is in
> use. But I would consider that a hack.
>
>
> In general it seems like it is rarely a good idea to just modify
> user-entered information, especially without asking first. Many programs
> like graphical sftp/ftp clients, web browsers, VNC and RDP clients, and many
> others that I've seen over the years usually don't just up and clear the
> saved password upon failure, but leave it up to the user to update if
> needed. This seems to prevent problems like when an account might be
> temporarily disabled/inaccessible, or maintenance/testing is being performed
> making some/all accounts inaccessible, where it will resume working as it
> was before in the near future.

Ideally, the server should not return AUTH_FAILED in such cases. Note
that we do not clear the password for any kind of connection error but
only for AUTH_FAILED with no indication of a dynamic challenge in the
pipeline.

That said, if not clearing the password would give a better UX, we could
definitely do it. In the latest GUI version we do add a warning
message to the dialog saying the password failed, which may be enough.

Selva

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users