Custom authentication implementation scenarios include the following:
Adding one-time password Support
Performing authentication against a Resource Access Control Facility (RACF)
Adding Simple Authentication and Security Layer (SASL) bind to LDAP-enabled user directories instead of simple LDAP binds
Authentication with challenge/response mechanism may not work well if you implement a custom authentication module. Custom messages thrown by the custom authentication module are not propagated to the clients. Because clients, for example, EPM Workspace, override the error message to display a generic message, the following scenarios are not valid:
Two consecutive RSA SecurID PINs
Password variant with challenges, such as enter first, last, and third characters of password