Hi,
My company uses OTP for VPN authentication and I have a problem reconnecting, because snx-rs forcibly stores the password in the keyring in command mode.
First problem - the password is stored even if authentication failed, so following login attempts do not provide a password prompt.
Second problem - even if authentication was successful, on following connections snx-rs uses the old OTP stored in the keyring and it fails.
I see several approaches to solving the problems above:
1. Introduce an option to omit using the keyring. This one is quite simple to implement.
2. Introduce logic to clear the keyring record in case of a failed login attempt. It would be nice to relogin in background with credentials provided through configuration or command line prompt. The failed login VPN response in my case is: Error: [101 CPSC_SECURID_USER_DENIED] Access denied - wrong user name or password.
3. Somehow figure out which auth type is used (OTP or password) and make the decision to store or not store the password in the keyring. Don't think this one is doable, but worth mentioning.
In my case login_options_list has following items:
login_options_list
I think an additional option to disable keyring is the simplest one.
Checkpoint has a lot of options and I was mostly relying on the implementation we use in the company which is convenient for me personally :)
Both Indeed and RSA have OTP auth, but Indeed also requires providing the account password.
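The first two approaches from the post (an option to skip the keyring, and clearing the stored record after a rejected login), sketched as an added example that is not part of the thread and not snx-rs code. `Keyring`, `Policy`, `login` and the closure-based gateway are hypothetical names, and the keyring is an in-memory map rather than the OS keyring.

```rust
use std::collections::HashMap;

/// Hypothetical in-memory stand-in for the OS keyring: user name -> secret.
#[derive(Default)]
pub struct Keyring(pub HashMap<String, String>);

pub struct Policy {
    /// Approach 1 from the post: never read or write the keyring.
    pub no_keyring: bool,
}

/// One login. `prompt` asks the user for a secret, `auth` submits it to the
/// gateway (both are caller-supplied closures, mocked in this example).
pub fn login(
    kr: &mut Keyring,
    policy: &Policy,
    user: &str,
    mut prompt: impl FnMut() -> String,
    mut auth: impl FnMut(&str) -> Result<(), String>,
) -> Result<(), String> {
    if !policy.no_keyring {
        if let Some(cached) = kr.0.get(user).cloned() {
            if auth(&cached).is_ok() {
                return Ok(());
            }
            // Approach 2: a rejected cached secret is stale, so delete it
            // and fall through to the prompt instead of failing for good.
            kr.0.remove(user);
        }
    }
    let secret = prompt();
    auth(&secret)?; // a failed attempt returns here and stores nothing
    if !policy.no_keyring {
        kr.0.insert(user.to_string(), secret);
    }
    Ok(())
}

fn main() {
    // Constructed gateway: accepts only the current one-time code "222222".
    let gw = |s: &str| if s == "222222" { Ok(()) } else { Err("denied".to_string()) };
    let mut kr = Keyring::default();
    kr.0.insert("alice".into(), "111111".into()); // stale code from last session
    let r = login(&mut kr, &Policy { no_keyring: false }, "alice", || "222222".into(), gw);
    println!("{:?}, cached = {:?}", r, kr.0.get("alice"));
}
```

With one-time codes the cached value is rejected on every reconnect, so approach 2 alone still spends one failed attempt at the gateway each time; `no_keyring` avoids submitting the stale code at all.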