[ https://issues.apache.org/jira/browse/SSHD-762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16125311#comment-16125311 ]
Li Fangning commented on SSHD-762: ---------------------------------- Hi, Goldstein Thank you very much. But... uh, it was my mistake not to describe the issue accurately. The issue I encountered was at the Server side, not the Client side. Look at the following code: {code:java} sshd.setKeyboardInteractiveAuthenticator(new KeyboardInteractiveAuthenticator() { @Override public InteractiveChallenge generateChallenge(ServerSession session, String username, String lang, String subMethods) { InteractiveChallenge ic = new InteractiveChallenge(); ic.setInteractionName("interactionName1"); ic.setInteractionInstruction("interactionInstruction1"); ic.setLanguageTag("en-US"); ic.addPrompt("Old Password: ", false); ic.addPrompt("New Password: ", false); ic.addPrompt("Re-enter Password", false); return ic; } @Override public boolean authenticate(ServerSession session, String username, List<String> responses) throws Exception { // How to verify that the old password is correct, and then prompt to enter new password or to reject login?? return false; } }); {code} With the 'KeyboardInteractiveAuthenticator' and 'InteractiveChallenge' interface, I can not achieve multiple interactions with the client, all prompts added by 'InteractiveChallenge#addPrompt' were sent to the client at once. I tracked the source code, and found that the 'org.apache.sshd.server.auth.keyboard.UserAuthKeyboardInteractive' may need to be modified to achieve this requirement. Thanks. > Keyboard Interactive Authentication only supports one-time interaction > ---------------------------------------------------------------------- > > Key: SSHD-762 > URL: https://issues.apache.org/jira/browse/SSHD-762 > Project: MINA SSHD > Issue Type: Improvement > Affects Versions: 1.6.0 > Reporter: Li Fangning > Assignee: Goldstein Lyor > Priority: Minor > Fix For: 1.7.0 > > > The _org.apache.sshd.server.auth.keyboard.KeyboardInteractiveAuthenticator_ > interface only support one-time interaction with the client. > Therefore, some features can not be achieved, such as the scenario of the > expiration of user's password. > See the second authentication example of [RFC > 4256|https://www.ietf.org/rfc/rfc4256.txt]. > Regards -- This message was sent by Atlassian JIRA (v6.4.14#64029)