Password and Keyboard Interactive Authentication
Reflection for Secure IT server supports both password and keyboard interactive authentication by default. Configure keyboard interactive authentication from the Password pane.
| Authentication method | Description |
|---|---|
| Password | Prompts the client user for the login password for that user on the Secure Shell server host. The password is sent to the host through the encrypted channel. |
| Keyboard interactive | Supports any procedure in which authentication data is entered using the keyboard, including simple password authentication, thereby enabling the Secure Shell client to support a range of authentication mechanisms, such as RSA SecurID tokens or RADIUS servers. A client administrator could, for example, configure keyboard interactive authentication to handle situations in which multiple prompts are required, such as for password updates. Keyboard data is sent to the host through the encrypted channel. |
Password Pane
From the server console, click Configuration > Authentication > Password to configure both traditional password authentication and keyboard interactive authentication.
Note
Items on this pane can be configured globally or as part of a subconfiguration.
Password authentication
| Option | Description |
|---|---|
| Allow | When Password authentication using keyboard interactive is not selected, the server allows only traditional password authentication. When Password authentication using keyboard interactive is selected, the server allows both traditional password authentication and keyboard interactive authentication. |
| Require | When Password authentication using keyboard interactive is not selected, the server requires traditional password authentication. When Password authentication using keyboard interactive is selected, the server requires keyboard interactive authentication. |
| Deny | Denies both password authentication and keyboard interactive authentication, regardless of whether Password authentication using keyboard interactive is selected. |
Note
When Password authentication using keyboard interactive is not selected, the settings below apply only to traditional password authentication; when it is selected, these settings also apply to keyboard interactive authentication.
| Setting | Description |
|---|---|
| Number of password attempts | If the client is configured to allow a larger number of attempts, the client user sees the larger number of prompts, but the value specified here sets the actual limit. If the client is configured to allow a smaller number of attempts, the client sets the actual limit. |
| Delay between tries (seconds) | Sets the number of seconds the server should wait to send between prompts. |
| Permit empty passwords | Empty passwords must also be supported in your Windows Group Policy configuration. |
| Allow password change | Specifies whether users are allowed to change their password. |
More information