Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Killing the Password field on user login page

muttbarker_
Valued Contributor
‎10-15-2008 09:47:AM
‎10-15-2008 09:47:AM

Killing the Password field on user login page

Question - I am working with a customer that does not use passwords on login. They do two factor challenge / response authentication. They would like for me to remove the "Password" field from the default login page.

I am not an HTTP guy and our resource that does this is on vacation. So - I poked through the code and can't find any way to kill this field. Anyone know how I would do this?

Thanks!

0 Kudos
10 REPLIES 10
muttbarker_
Valued Contributor
‎01-29-2008 09:25:AM
‎01-29-2008 09:25:AM

Re: Killing the Password field on user login page

Thanks very much for the code! I will attempt to put my cruddy HTML skills to the test and see if I can make it happen or if I have to wait for my coder guy.

Very much appreciate your help.






Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
0 Kudos
kenlars_
Super Contributor
‎10-16-2008 06:28:AM
‎10-16-2008 06:28:AM

Re: Killing the Password field on user login page

Kevin -

As much value as you have brought to this community, hope we can help you out.

I'm confused - what type of two-factor authentication does your customer use? I use RSA SecurID, and the users enter their PIN+token in the password field.

In other words, what is your first authentication against, and is this authentication functional without a password?

Ken

0 Kudos
muttbarker_
Valued Contributor
‎10-16-2008 06:41:AM
‎10-16-2008 06:41:AM

Re: Killing the Password field on user login page

Sorry I was not to clear in my first post. The customer first "logs in" with a user ID only - no password - this is validated against a radius server (Open Radius in this case) that returns a "challenge" token which they then enter into their token generator, create a response and send that back. So on the loginpage.html they only need the username field. They are then taken to a second login screen where the challenge is displayed and they are
prompted to enter in their response.

Slightly different than the standard RSA where you pin+token, or AD password and then token.

Cosmetic - but it is the little things that win the deal Smiley Happy

Thanks!

0 Kudos
kenlars_
Super Contributor
‎10-16-2008 06:45:AM
‎10-16-2008 06:45:AM

Re: Killing the Password field on user login page

So, the first Radius packet to the server has no password in it?
0 Kudos
muttbarker_
Valued Contributor
‎10-16-2008 06:59:AM
‎10-16-2008 06:59:AM

Re: Killing the Password field on user login page

yep - unusual but they consider a user password as superfluous.

0 Kudos
dennish_
Occasional Contributor
‎10-16-2008 07:13:AM
‎10-16-2008 07:13:AM

Re: Killing the Password field on user login page

Don't know if this works, but i think this way you can remove the field:

Change the code from:

<tr>
<td>Password</td>
<td>&nbsp;</td>
<td><input type="password" name="password"size="20"></td>
</tr>

To:

<tr>
<td></td>
<td></td>
<td><input type="hidden" name="password"size="20"></td>
</tr>

I believe it still can post the password value, as an empty string so the post won't go wrong and you won't see the password field. If you need a fixed value (everyone uses same password for example) i think you could do it like this:

<tr>
<td></td>
<td></td>
<td><input type="hidden" name="password" value="secretpassword" size="20"></td>
</tr>

As u mentioned indeed a little unusual request though :-)

G's Dennis

0 Kudos
muttbarker_
Valued Contributor
‎10-16-2008 07:21:AM
‎10-16-2008 07:21:AM

Re: Killing the Password field on user login page

Hey Dennis - thanks for the reply - I am assuming that the page I need to edit is the "loginpage.thtml." I extacted the custom pages - looked at this page in the sample directory and I can't find any code like what you show. I know enough about HTTP to be dangerous and the first thing I did was look for a "password" value on that page. Not finding one led to my question.

What am I missing?

Thanks!!

0 Kudos
dennish_
Occasional Contributor
‎10-16-2008 07:25:AM
‎10-16-2008 07:25:AM

Re: Killing the Password field on user login page

Hmm, i just looked at the parsed pages... i must have been thinking to easy :-) let me see what the custom page code looks like. ill get back on this soon!
0 Kudos
muttbarker_
Valued Contributor
‎10-16-2008 07:31:AM
‎10-16-2008 07:31:AM

Re: Killing the Password field on user login page

Thanks - yes, I saw it there - but where does it come from? That is the mystery... Smiley Surprised
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.