diff --git a/src/behaviour.rs b/src/behaviour.rs
index 207f818f54db0fb1d318187cca66e67874d8cd27..7cb3bddd981c3d33b8e8590937b06fe89fcc80c8 100644
--- a/src/behaviour.rs
+++ b/src/behaviour.rs
@@ -226,7 +226,7 @@ pub trait ServBehaviour {
     ///
     /// Implementations may need to take care to avoid leaking user existence
     /// based on timing.
-    fn auth_unchallenged(&mut self, username: TextString) -> bool {
+    async fn auth_unchallenged(&mut self, username: TextString<'_>) -> bool {
         false
     }
 
diff --git a/src/conn.rs b/src/conn.rs
index e275df9df4f5e2159e709cc04f3d90f9e1e7fac7..ab41414384828f90e0dde81b89a0bdf89b14d866 100644
--- a/src/conn.rs
+++ b/src/conn.rs
@@ -305,7 +305,7 @@ impl<C: CliBehaviour, S: ServBehaviour> Conn<C, S> {
                 if let ClientServer::Server(serv) = &mut self.cliserv {
                     disp.zeroize_payload = true;
                     let sess_id = self.sess_id.as_ref().trap()?;
-                    let success = serv.auth.request(p, sess_id, s, b.server()?)?;
+                    let success = serv.auth.request(p, sess_id, s, b.server()?).await?;
                     if success {
                         self.state = ConnState::Authed;
                     }
diff --git a/src/servauth.rs b/src/servauth.rs
index 4ce8bc4de18850af7dc5fe4230733f3543ac4072..5b701ee552eb89d8972d0ffa417e26f988c2ce1c 100644
--- a/src/servauth.rs
+++ b/src/servauth.rs
@@ -21,11 +21,11 @@ impl ServAuth {
     }
 
     /// Returns `true` if auth succeeds
-    pub fn request(
+    pub async fn request(
         &mut self,
-        mut p: packets::UserauthRequest,
+        mut p: packets::UserauthRequest<'_>,
         sess_id: &SessId,
-        s: &mut TrafSend,
+        s: &mut TrafSend<'_, '_>,
         b: &mut impl ServBehaviour,
     ) -> Result<bool> {
 
@@ -38,9 +38,9 @@ impl ServAuth {
 
         let username = p.username.clone();
 
-        let inner = || {
+        let inner = async {
             // even allows "none" auth
-            if b.auth_unchallenged(p.username) {
+            if b.auth_unchallenged(p.username).await {
                 return Ok(AuthResp::Success) as Result<_>
             }
 
@@ -80,7 +80,7 @@ impl ServAuth {
         };
 
         // failure sends a list of available methods
-        match inner()? {
+        match inner.await? {
             AuthResp::Success => {
                 self.authed = true;
                 s.send(packets::UserauthSuccess {})?;