[jira] [Commented] (SSHD-762) Keyboard Interactive Authentication only supports one-time interaction

Mon, 14 Aug 2017 00:06:42 -0700 

    [ 
https://issues.apache.org/jira/browse/SSHD-762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16125311#comment-16125311
 ] 

Li Fangning commented on SSHD-762:
----------------------------------

Hi, Goldstein

Thank you very much.
But... uh, it was my mistake not to describe the issue accurately.

The issue I encountered was at the Server side, not the Client side.
Look at the following code:

{code:java}
sshd.setKeyboardInteractiveAuthenticator(new KeyboardInteractiveAuthenticator() 
{
    @Override
    public InteractiveChallenge generateChallenge(ServerSession session, String 
username, String lang,
        String subMethods) {
        InteractiveChallenge ic = new InteractiveChallenge();
        ic.setInteractionName("interactionName1");
        ic.setInteractionInstruction("interactionInstruction1");
        ic.setLanguageTag("en-US");
        ic.addPrompt("Old Password: ", false);
        ic.addPrompt("New Password: ", false);
        ic.addPrompt("Re-enter Password", false);
        return ic;
    }
    @Override
    public boolean authenticate(ServerSession session, String username, 
List<String> responses) throws Exception {
        // How to verify that the old password is correct, and then prompt to 
enter new password or to reject login??
        return false;
    }
});
{code}

With the 'KeyboardInteractiveAuthenticator' and 'InteractiveChallenge' 
interface, I can not achieve multiple interactions with the client, all prompts 
added by 'InteractiveChallenge#addPrompt' were sent to the client at once.

I tracked the source code, and found that the 
'org.apache.sshd.server.auth.keyboard.UserAuthKeyboardInteractive' may need to 
be modified to achieve this requirement.

Thanks.

> Keyboard Interactive Authentication only supports one-time interaction
> ----------------------------------------------------------------------
>
>                 Key: SSHD-762
>                 URL: https://issues.apache.org/jira/browse/SSHD-762
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 1.6.0
>            Reporter: Li Fangning
>            Assignee: Goldstein Lyor
>            Priority: Minor
>             Fix For: 1.7.0
>
>
> The _org.apache.sshd.server.auth.keyboard.KeyboardInteractiveAuthenticator_ 
> interface only support one-time interaction with the client.
> Therefore, some features can not be achieved, such as the scenario of the 
> expiration of user's password.
> See the second authentication example of [RFC 
> 4256|https://www.ietf.org/rfc/rfc4256.txt].
> Regards



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to