[
https://issues.apache.org/jira/browse/SSHD-762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16124921#comment-16124921
]
Goldstein Lyor commented on SSHD-762:
-------------------------------------
This is not entirely true - it is not easy to do this with the existing code,
but you can register a {{PasswordIdentityProvider}} at the {{ClientSession}}
level that returns an {{Iterable<String>}} of "passwords" which somehow
communicates with the {{ClientSession}} and returns a "next" password by
contacting the user. I agree though, that this should be simplified somehow
(don't know though when I will have the time for it).
Specifically, for password expiration, there is support via
{{PasswordChangeRequiredException}} that can be thrown from the server's
{{PasswordAuthenticator}} - see [RFC-4252 section 8 -
SSH_MSG_USERAUTH_PASSWD_CHANGEREQ|https://www.ietf.org/rfc/rfc4252.txt]
> Keyboard Interactive Authentication only supports one-time interaction
> ----------------------------------------------------------------------
>
> Key: SSHD-762
> URL: https://issues.apache.org/jira/browse/SSHD-762
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 1.6.0
> Reporter: Li Fangning
> Priority: Minor
>
> The _org.apache.sshd.server.auth.keyboard.KeyboardInteractiveAuthenticator_
> interface only support one-time interaction with the client.
> Therefore, some features can not be achieved, such as the scenario of the
> expiration of user's password.
> See the second authentication example of [RFC
> 4256|https://www.ietf.org/rfc/rfc4256.txt].
> Regards
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
