D18394: Add OTP support for openconnect VPN

Enrique Melendez noreply at phabricator.kde.org
Sun Apr 7 12:44:23 BST 2019


enriquem added a comment.


  In D18394#444795 <https://phabricator.kde.org/D18394#444795>, @jgrulich wrote:
  
  > 1. I'm not sure if the UI for openconnect tokens is correct, I think the QLineEdit for token secret should be on the same line, and you should probably use PasswordField instead? It can be our PasswordField widget from libs/editor/widgets/. Or it's not secret in the same sense as other secrets and it will not need to be saved by secret agent, like rest of passwords? I would also follow nm-connection-editor and make tokens options visible in the main UI, not under specific button.
  
  
  a) I don't see any need for the QComboBox and the QLineEdit to be in the same line, but that's a matter of taste, not functionality. Both fields are sort of independent: same key works with different OTP options.
  b) I agree on the PasswordField, although this being an OTP it really does not matter if anyone sees it.
  c) No need to save it. It is used and discarded.
  d) I tried putting all options in the main UI. This made the window too tall for the allocated space, so that resizing was necessary or the main window initial size ought to be changed. It looked ugly to me. That's why I opted for a separate dialog. I can change it if you think it is important, but, again, it looks ugly to me.
  
  > 2. Your code is full of trailing spaces
  
  Ah, well, what a curse! I'll get rid of them
  
  > 3. How can I try this? Is there any public Openconnect server which I can use to test this?
  
  I set up a server in my own Fedora box with ocserv. With some tweaking of the pam modules along the lines of http://ocserv.gitlab.io/www/recipes-ocserv-2fa.html, https://www.nongnu.org/oath-toolkit/pam_oath.html and http://www.infradead.org/openconnect/token.html I was able to test HOTP and TOTP (that is, I pick a random key and use oathtool or FreeOTP). Yubikeys were tricky, since I couldn't validate the OTP. But I modified ocserv to show that the connection scripts were actually providing the correct OTP key. As for RSA, I have no clue as to how to test them, and keys are too expensive for me.

REVISION DETAIL
  https://phabricator.kde.org/D18394

To: enriquem, jgrulich
Cc: pino, plasma-devel, jraleigh, GB_2, ragreen, Pitel, ZrenBot, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, mart