Am Fr, 20.12.2019 um 18:05 schrieb Anton Kiryushkin <swood@fotofor.biz>:
Yes, I can, but you didn't answer the question: does it possible to run exec and use generated code during the authorisation?
I did answer the question. Please pay attention.
You can run the "exec" module anywhere. Just list it in the "authorize" section. That's done for ANY module.
Yes, again, but I can't trigger it in advance in order to send the OTP code. I hoped on a miracle. Merry Christmas!
I don't think that's possible. When you see a packet in FR the ASA already sent the auth-request so you can't have the just created SMS TAN in it -- so the first request hast to fail somehow, tell the ASA to ask again, now hopefully with the correct TAN in the password. I wouldn't like such a solution :). There should be some outband-way to request a TAN. Also your SMS-solution might by easily abused but just sending many auth-requests to the VPN. /Steffen -- Steffen Klemer E-Mail: steffen.klemer@gwdg.de Tel: +49 551 201 2170 ------------------------------------------------------------------ GWDG - Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen Am Faßberg 11, 37077 Göttingen Service-Hotline: Tel: +49 551 201-1523 E-Mail: support@gwdg.de Kontakt: Tel: 0551 201-1510 Fax: 0551 201-2150 E-Mail: gwdg@gwdg.de WWW: https://www.gwdg.de ------------------------------------------------------------------ Geschäftsführer: Prof. Dr. Ramin Yahyapour Aufsichtsratsvorsitzender: Prof. Dr. Christian Griesinger Sitz der Gesellschaft: Göttingen Registergericht: Göttingen, Handelsregister-Nr. B 598 ------------------------------------------------------------------ Zertifiziert nach ISO 9001 ------------------------------------------------------------------