Subject: Re: Login failure with libssh2-1.2.2 and SuSE Enterprise 10 Linux

From: Peter Stuge <peter_at_stuge.se>
Date: Tue, 15 Dec 2009 23:43:36 +0100

Daniel Stenberg wrote:
> From a program's point of view, password and keyboard-interactive
> really aren't very different. At least from what I understand after
> having quickly glanced over what the docs say

They are logically absolutely different.

Password is just that - a password to authenticate the user.

Kbdint is absolutely arbitrary and is used to allow the server to run
any kind of dialog with the user that it wants. This can be a
password (we talked about localized prompts on IRC) but it can also
be an OTP prompt, or a digital signature challenge, or something
completely different.

It is an absurdly bad idea for applications to attempt to parse
kbdint prompts. Read RFC4256 if you think you need to support kbdint.

This is not the OpenSSH mailing list, but sshd configuration is not
completely simple. If you want PAM to do auth you may well be forced
to use kbdint.

//Peter
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2009-12-15
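
Added example, not part of the original message and not libssh2 code: a minimal parser for the RFC 4256 `SSH_MSG_USERAUTH_INFO_REQUEST` payload, showing that one keyboard-interactive round is a server-chosen list of opaque prompts, each with its own echo flag, which the client relays to the user rather than interprets. The struct and function names, `MAX_PROMPTS` and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define SSH_MSG_USERAUTH_INFO_REQUEST 60 /* message number from RFC 4256 */
#define MAX_PROMPTS 8                    /* assumed local limit, not from the RFC */

struct ssh_str { const uint8_t *p; uint32_t len; }; /* not NUL-terminated */
struct kbdint_prompt { struct ssh_str text; int echo; };
struct kbdint_request {
    struct ssh_str name, instruction;
    uint32_t num_prompts;
    struct kbdint_prompt prompts[MAX_PROMPTS];
};

/* Constructed sample: two prompts, "Password: " (echo off), "OTP: " (echo on). */
static const uint8_t kbdint_sample[] = "\x3c" "\0\0\0\0" "\0\0\0\0" "\0\0\0\0"
    "\0\0\0\x02" "\0\0\0\x0a" "Password: " "\0" "\0\0\0\x05" "OTP: " "\x01";

/* Bounds-checked big-endian uint32 read; advances *p, -1 if buffer is short. */
static int get_u32(const uint8_t **p, const uint8_t *end, uint32_t *out) {
    const uint8_t *b = *p;
    if ((size_t)(end - b) < 4) return -1;
    *out = (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
    *p = b + 4;
    return 0;
}

/* SSH string: uint32 length, then that many bytes (referenced, not copied). */
static int get_string(const uint8_t **p, const uint8_t *end, struct ssh_str *s) {
    if (get_u32(p, end, &s->len) || (size_t)(end - *p) < s->len) return -1;
    s->p = *p;
    *p += s->len;
    return 0;
}

/* Parse an INFO_REQUEST payload: returns 0 on success, -1 if malformed. */
int kbdint_parse_request(const uint8_t *buf, size_t n, struct kbdint_request *r) {
    const uint8_t *p = buf, *end = buf + n;
    struct ssh_str lang; /* language tag: read and ignored here */
    if (n < 1 || *p++ != SSH_MSG_USERAUTH_INFO_REQUEST) return -1;
    if (get_string(&p, end, &r->name) || get_string(&p, end, &r->instruction) ||
        get_string(&p, end, &lang) || get_u32(&p, end, &r->num_prompts) ||
        r->num_prompts > MAX_PROMPTS)
        return -1;
    for (uint32_t i = 0; i < r->num_prompts; i++) {
        struct kbdint_prompt *q = &r->prompts[i];
        if (get_string(&p, end, &q->text) || p == end) return -1;
        q->echo = *p++ != 0; /* prompt text is opaque: show it, never match on it */
    }
    return p == end ? 0 : -1; /* reject trailing bytes */
}
```

The matching `SSH_MSG_USERAUTH_INFO_RESPONSE` must carry exactly `num_prompts` responses in the same order, so a client that only knows how to answer a single password prompt cannot complete a request like the sample.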