challenge
Challenge directive for sending challenge responses in multi-factor authentication
challenge
Instead of simply accepting or rejecting, the server responds with a challenge. This is used in multi-factor authentication scenarios where the client must provide additional credentials or perform extra steps before access is granted.
Syntax
challenge;
challenge "prompt message";
Message handling
When the challenge action includes a message, it sets the aaa.challenge-message variable. This is distinct from aaa.message, which is used for Accept/Reject responses:
aaa.challenge-messagecontains the one-time challenge prompt (e.g., "Enter password"). This message is consumed after use and not reused across authentication rounds.aaa.messagecontains persistent reply messages for Accept/Reject responses that remain available for logging.