Re: vpnc fails when password is expiring



On Wed, 2013-07-24 at 16:23 -0500, KodaK wrote:
> I'm running the following in RHEL6:
>
> NetworkManager-glib-0.8.1-43.el6.x86_64
> NetworkManager-0.8.1-43.el6.x86_64
> NetworkManager-vpnc-0.8.0-1.git20100411.el6.x86_64
> NetworkManager-gnome-0.8.1-43.el6.x86_64
>
> When I try to connect to our VPN when the password is expiring, the
> cisco box displays a message similar to "Your password expires in 14
> days.  Would you like to change it now?" and then NetworkManager
> chokes.
>
> This forces me to change my password prematurely.  This almost always
> happens to coincide with weekends where I'm on call.
>
> I'm at wit's end.  I've been looking through my box to try and find
> where this dialog is handled, and the only thing I can find is a
> binary nm-vpnc-auth-dialog.  I can't find any documentation on this,
> or how I can force it to do what I want.  I can't find any expect
> scripts (which is what I would expect, ha!)  I've worn out the
> googles.  I keep going in circles and I haven't seen anyone else with
> this exact problem.  (Not saying it's not out there, I just haven't
> found it.)

Unfortunately vpnc is not very cooperative in being controlled by
another process and thus this fails when vpnc wants more information.
Due to this deficiency with vpnc, NM-vpnc runs vpnc in "one-shot" mode
and if there's any additional information required, the vpnc process
will terminate ("non-interactive can't re-use secrets" is typically the
message).

I've recently done some work in NM and NM-vpnc to handle server requests
for information, and that's under review right now in the
dcbw/vpn-need-secrets (for NM git) and dcbw/need-secrets (NM-vpnc git)
branches.  This depends on patches to vpnc itself that aren't picked up
yet, to allow vpnc to take input from a controlling process and not
always read a tty.

Can you run vpnc with "Debug 99" and reply with the sequence that it
uses to present this question?  I'm interested in the specific prompt
vpnc prints out when this happens, so that I can account for it in these
branches.  Is the message "Answer for VPN xxx xxx:"?

Dan


