Hello! I've read a couple of guidelines regarding MFA with OpenVPN and all of them mention that the 2nd factor could be either sent as password (with client cert auth) or appended to the password string. Well, people tend to enter a password when they see the password field. At the moment the only straightforward and more or less human-friendly way to set up login+password+2fa authentication is to use a kind of 'push token' MFA (so the user confirms login in some mobile application). OTP, password cards and any other way that demands text input from the user demands to much from the users, they need blindly enter the password, then type 2nd factor, can't see what they type and don't even know if authentication failed because of wrong password or wrong OTP numbers (for example). Is it possible to ask the user for the 2nd factor like OpenVPN client asks for login and password and send discrete error messages for password and for 2nd factor failures?
Thank you. -- Bogdan Rudas Director of IT Europe Exadel Inc. http://www.exadel.com/ E-mail: bru...@exadel.com Skype ID: bogdan.rudas -- CONFIDENTIALITY NOTICE: This email and files attached to it are confidential. If you are not the intended recipient you are hereby notified that using, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email.
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
