kinit sending clear text password

Will Fiveash william.fiveash at Sun.COM
Tue Apr 20 17:51:58 EDT 2004


On Tue, Apr 20, 2004 at 01:09:53PM -0700, melissa_benkyo wrote:
> hello folks, 
> 
> thanks for all the help. I wouldn't have make it here so far without
> your help. :) thanks. Now I'm trying to use pam api's instead but the
> thing is pam_krb5 seems to  be sending the password in clear text then
> I tried to use kinit <username> and I was shocked to see the password.
> (Am I a good hacker or what?) hehehe is it supposed to be like this?

No.  First check the docs for using pam_krb5 and GSS-API on
<http://docs.sun.com> and make sure your program isn't buggy.  If that
isn't the case try pkgchk to see if your binaries have been modified.
If that isn't the case, file a bug with Sun.

BTW, how did you "see" the password?

-- 
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)


More information about the Kerberos mailing list