There are two-factor authentication solutions where the two factors can be entered at once in a single common input field i.e. PIN+TOKENCODE simply by concatenating the two factors, this way only one input field is used not two separate one.

cheers

Swizz Ly

Gesendet: Mittwoch, 23. November 2016 um 14:31 Uhr
Von: "Mihai Moldovan" <ionic@ionic.de>
An: "swizz ly" <swizz.ly@gmx.ch>
Cc: x2go-user@lists.x2go.org
Betreff: Re: Aw: Re: [X2Go-User] X2Go Two-factor-authentication with SecurID

On 23.11.2016 02:03 PM, swizz ly wrote:
> Thanks for the update. I tried it, it works nicely, many thanks! However, there
> is a small thing: the user has to be aware that the "Password:" in the first
> window is ignored and has nothing to do with the two factor authentication, only
> in the pop-up window with the "Verification code:" should he/she enter the
> two-factor passcode. It might be somewhat confusing for the first time. As a
> small suggestion, I would either use the input from the "Password:" field even
> for the two-factor passcode, or in the pop-up window I would directly copy the
> prompt from the SSH session, in this case "Enter PASSCODE:" instead of
> "Verification code:".

I think that's the way PAM works.

Isn't the idea of 2FA to use both the password and a challenge auth token? Users
will need to supply their password anyway, so I don't see the problem at hand
currently. Do we get two windows, one for the password (or private key
passphrase) and one for the verification code, EVEN THOUGH the password/private
key passphrase has been set directly in the session config or via an SSH agent?

Copying the prompt actually sounds like a good idea, though, yeah.

Mihai