prevent user from saving credentials

Got a problem with Viscosity or need help? Ask here!

isaachuff

Posts: 2
Joined: Thu Jan 05, 2017 9:21 am

Post by isaachuff » Thu Jan 05, 2017 9:31 am
Hi, I'm new to the forum but have been a long-time Viscosity user. I currently have about 25 licensed clients out in the field.

I realize that I may have overlooked something given how simple my request sounds, but I cannot figure out how to prevent end users from saving their password/credentials. I need to FORCE them to type it every single time, no exceptions. We are using TLS+user auth (radius), and it is the radius credientials that I want to keep from being saved. There is no pin/password on the client certificate. Can anyone offer a solution either within the viscosity config (preferably protected from user reconfiguration) or within the OpenVPN server side config?

Thank you.

Eric

User avatar
Posts: 906
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Thu Jan 05, 2017 1:50 pm
Hi isaachuff,

You can disable Viscosity from remembering details from the Terminal/Command Prompt like so:

For Mac:

defaults write com.viscosityvpn.Viscosity KeyChainSupport -bool false

For Windows:

"C:\Program Files\Viscosity\Viscosity.exe" SetPref PasswordStorageSupport false

You can then pull the options and bundle them:
http://www.sparklabs.com/support/bundling_viscosity/
http://www.sparklabs.com/support/viswin ... viscosity/

If you’re happy with Viscosity still remembering just the last username used you can also to turn on Viscosity's RememberUsername option like so:

For Mac: Run the following command from the Terminal (/Applications/Utilities/Terminal.app):

defaults write com.viscosityvpn.Viscosity RememberUsername -bool true

For Windows: Run the following command from the command line (or a Run dialog):

"C:\Program Files\Viscosity\Viscosity.exe" SetPref RememberUsername true

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

isaachuff

Posts: 2
Joined: Thu Jan 05, 2017 9:21 am

Post by isaachuff » Fri Jan 06, 2017 2:32 am
Thank you, that is helpful.

Is there any support for setenv ALLOW_PASSWORD_SAVE 0 or something similar? It would be especially useful if it could be a push/pull from the server side.

Eric

User avatar
Posts: 906
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Fri Jan 06, 2017 8:06 am
Hi isaachuff,

I'm afraid not, this option needs to be bundled with the client.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
4 posts Page 1 of 1