don't ever connect automatically

Posted: Sat Jul 13, 2019 9:49 pm
by corbosman
Hi, we use a system where people fill in a username and a YubiKey+pincode output as their password. This works fine, but I'm stuck with a bit of a nuisance in Viscosity. Every time I try to connect the VPN, Viscosity tries to connect using a previous user/pass. Since this will never work, I have to wait for a timeout and only then can I enter the correct new YubiKey code. It doesn't matter if I untick 'don't remember password'. It still does.

Is there a way to tell Viscosity to never ever try to automatically fill in a user/pass and try to connect with that?

Re: don't ever connect automatically

Posted: Tue Jul 16, 2019 6:22 pm
by James
Hi corbosman,

Using the Username/Password prompt isn't recommended when asking the user for two-factor credentials. Instead, OpenVPN's two-factor prompt support (known as "challenge/response") should be used. More information about this, including server setup guides and examples, can be found at the links below:
https://www.sparklabs.com/support/kb/article/yubikey-otp-two-factor-authentication-with-openvpn-and-viscosity/
https://www.sparklabs.com/forum/viewtopic.php?t=1279#p3677

In the meantime, I recommend clearing the existing saved Username/Password from your Keychain, which will force Viscosity to immediately prompt for the login details when connecting. The steps for doing this are the same as listed in the "Keychain Entry Corruption" section in the following article:
https://www.sparklabs.com/support/kb/article/problem-saving-details-into-the-keychain/

If you also want to prevent users from saving a Username and Password, please see:
https://www.sparklabs.com/forum/viewtopic.php?f=9&t=2249&p=6679#p6679

Cheers,
James