Daniel Stenberg wrote: > From a program's point of view, password and keyboard-interactive > really aren't very different. At least from what I understand after > having quickly glanced over what the docs say
They are logically absolutely different. Password is just that - a password to authenticate the user. Kbdint is absolutely arbitrary and is used to allow the server to run any kind of dialog with the user that it wants. This can be a password (we talked about localized prompts on IRC) but it can also be an OTP prompt, or a digital signature challenge, or something completely different. It is an absurdly bad idea for applications to attempt to parse kbdint prompts. Read RFC4256 if you think you need to support kbdint. This is not the OpenSSH mailing list, but sshd configuration is not completely simple. If you want PAM to do auth you may well be forced to use kbdint. //Peter _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
