When the users use their token to enter a PPP password, there is no indication. When they are setting up a telnet connection, they do get messages like PASSCODE: or Next CODE:
I know the issue as we are using ACS / ACE as well. Our server communicate through TACACS+. I have not found a solution other than disabling and re-enabling the tokens as a fast way to re-enable the Token Card.
With PPP dial in, there is no connection yet, hence it will be impossible to notify the user of anything. He has to do it correct within 5 attempts.
Regards,
Leo