prevent user from saving credentials

Hi, I’m new to the forum but have been a long-time Viscosity user. I currently have about 25 licensed clients out in the field.

I realize that I may have overlooked something given how simple my request sounds, but I cannot figure out how to prevent end users from saving their password/credentials. I need to FORCE them to type it every single time, no exceptions. We are using TLS+user auth (radius), and it is the radius credientials that I want to keep from being saved. There is no pin/password on the client certificate. Can anyone offer a solution either within the viscosity config (preferably protected from user reconfiguration) or within the OpenVPN server side config?

Thank you.

Hi isaachuff,

You can disable Viscosity from remembering details from the Terminal/Command Prompt like so:

For Mac:

defaults write com.viscosityvpn.Viscosity KeyChainSupport -bool false

For Windows:

“C:\Program Files\Viscosity\Viscosity.exe” SetPref PasswordStorageSupport false

You can then pull the options and bundle them:
http://www.sparklabs.com/support/bundling_viscosity/
http://www.sparklabs.com/support/viswin_bundle_viscosity/

If you’re happy with Viscosity still remembering just the last username used you can also to turn on Viscosity’s RememberUsername option like so:

For Mac: Run the following command from the Terminal (/Applications/Utilities/Terminal.app):

defaults write com.viscosityvpn.Viscosity RememberUsername -bool true

For Windows: Run the following command from the command line (or a Run dialog):

“C:\Program Files\Viscosity\Viscosity.exe” SetPref RememberUsername true

Regards,
Eric

Thank you, that is helpful.

Is there any support for setenv ALLOW_PASSWORD_SAVE 0 or something similar? It would be especially useful if it could be a push/pull from the server side.

Hi isaachuff,

I’m afraid not, this option needs to be bundled with the client.

Regards,
Eric