From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: Remove privsep vestige
To: Damien Miller <djm@mindrot.org>
Cc: tech@openbsd.org, openssh@openssh.com
Date: Thu, 5 Feb 2026 12:52:50 +0000

On 2026/02/05 11:20, Damien Miller wrote:
> Hi,
> 
> This is another vestigial bit of support for the !privsep case in
> sshd. All direct access to the KbdintDevice should happen in the
> unprivileged ssh-auth process and should therefore be done by RPC
> into the privileged monitor. This means using the mm_* functions
> unconditionally.
> 
> Would appreciate if someone who uses BSD authentication (e.g.
> login_yubikey or login_ldap) could test this.

Yes, this still works. Tested with totp via login_oath.