kinit sending clear text password

Douglas E. Engert deengert at anl.gov
Wed Apr 21 09:49:15 EDT 2004



Will Fiveash wrote:
> 
> On Tue, Apr 20, 2004 at 01:09:53PM -0700, melissa_benkyo wrote:
> > hello folks,
> >
> > thanks for all the help. I wouldn't have made it here so far without
> > your help. :) thanks. Now I'm trying to use pam api's instead but the
> > thing is pam_krb5 seems to be sending the password in clear text then
> > I tried to use kinit <username> and I was shocked to see the password.
> > (Am I a good hacker or what?) hehehe is it supposed to be like this?
> 
> No.  First check the docs for using pam_krb5 and GSS-API on
> <http://docs.sun.com> and make sure your program isn't buggy.  If that
> isn't the case try pkgchk to see if your binaries have been modified.
> If that isn't the case, file a bug with Sun.
> 
> BTW, how did you "see" the password?

As a side comment, the Sun pam_krb5 when passed the debug option writes 
the password to syslog! This is not a good practice even when testing. 
 

> 
> --
> Will Fiveash
> Sun Microsystems Inc.
> Austin, TX, USA (TZ=CST6CDT)
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
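
Added example, not part of the original message and not Sun's code: one way to audit a PAM configuration for pam_krb5 entries that carry the debug option mentioned above. The function names and the sample configuration are constructed for illustration; the parser assumes the Solaris /etc/pam.conf field order and, with service_column=False, the per-service /etc/pam.d layout.

```python
import re

# Constructed sample in the Solaris /etc/pam.conf layout:
#   service  module_type  control_flag  module_path  [options]
SAMPLE_PAM_CONF = """\
# constructed sample, not taken from a real host
login   auth required    pam_unix_auth.so.1
login   auth sufficient  pam_krb5.so.1 use_first_pass debug
other   auth sufficient  /usr/lib/security/pam_krb5.so.1 \\
                         debug
other   account optional pam_krb5.so.1
#dtlogin auth sufficient pam_krb5.so.1 debug
"""

def logical_lines(text):
    """Yield (first_line_no, text): comments stripped, continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = n if start is None else start
        if line.endswith("\\"):          # entry continues on the next line
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf
        buf, start = "", None

def find_krb5_debug(text, service_column=True):
    """Return (line, service, module_type, module_path) for each pam_krb5 entry
    carrying 'debug'. service_column=False parses the /etc/pam.d layout,
    which has no leading service field."""
    hits = []
    for n, line in logical_lines(text):
        # A bracketed control such as [success=ok default=die] is one field.
        fields = re.findall(r"\[[^\]]*\]|\S+", line)
        service = fields.pop(0) if service_column else None
        if len(fields) < 3:
            continue
        mtype, _control, module, *opts = fields
        if "pam_krb5" in module.rsplit("/", 1)[-1] and "debug" in opts:
            hits.append((n, service, mtype, module))
    return hits

if __name__ == "__main__":
    for hit in find_krb5_debug(SAMPLE_PAM_CONF):
        print("pam_krb5 debug enabled:", hit)
```

Commented-out entries are ignored and an option placed on a continuation line is still reported against the line where the entry starts.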

