connection.auth-retries

[Greg Oliver <oliver greg gmail com>]

Hi,

I use a lot of VPN connections to work on our customers.  I have run into one minor annoyance (more with the customer, but I cannot tell them how to provision their stuff).

I use openconnect to get to them and they use 2FA, so I must change the pin code each time.  For most customers this is fine, I tell it to save passwords and it fails 3 times and then asks me.  This customer has the password lockout set to 2 on their domain controller, so it locks me out. 

I know, I know - just do not save the passwords, but you can imagine the types of passwords some customers set for vendor VPN access, so it really is a pain to type (takes me almost a minute sometimes).

I investigated the connection today and (actually in all my connections) the connection.auth-retries is always -1

Does this mean that it uses some baked in openconnect or NM default?  If I change it to 1, will it ask for a new password after the first failure and let me work around this?

TiA

-Greg