kinit sending clear text password

Mike Friedman mikef at ack.Berkeley.EDU
Wed Apr 21 11:58:39 EDT 2004


On Wed Apr 21 05:59:17 2004, melissa_benkyo said:

> I'm just using the kinit that comes from Sun; I'm not programming yet.
> By seeing, I meant being able to see the typed-in password when I
> snooped or used Ethereal.
> r-xr-xr-x   1 root     bin        15768 Sep  8  2003 /usr/bin/kinit

Melissa,

Are you sure that you're not running kinit on a machine to which you're
first connected in a non-secure manner?  You may be sniffing the password
as it passes between your local workstation (where you typed it) and the
machine on which you're actually executing kinit.

Just a thought.

Mike

------------------------------------------------------------------------------
Mike Friedman                             System and Network Security
mikef at ack.Berkeley.EDU                    2484 Shattuck Avenue
1-510-642-1410                            University of California at Berkeley
http://ack.Berkeley.EDU/~mikef            http://security.berkeley.edu
------------------------------------------------------------------------------
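
One way to check for the situation raised in the reply before typing a Kerberos password, as an added example that is not part of the original message: it walks the current shell's process ancestry and reports whether the session arrived through a cleartext remote-login daemon. The function names and the list of daemon process names are assumptions about the host.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names and the
# daemon-name list are assumptions; adjust them for the host in question.

# ancestors: print the command name of this shell and each parent process,
# nearest first, using only POSIX ps options.
ancestors() {
    pid=$$
    while [ -n "$pid" ] && [ "$pid" -gt 1 ]; do
        # Unquoted on purpose: split ps output into "<ppid> <comm>"
        set -- $(ps -o ppid= -o comm= -p "$pid" 2>/dev/null)
        [ $# -ge 2 ] || break
        pid=$1
        printf '%s\n' "$2"
    done
}

# classify_session: read process names (one per line) on stdin and print
#   cleartext  if any ancestor is a telnet/rlogin/rsh daemon
#   encrypted  if an sshd is present and no cleartext daemon is
#   local      if no known remote-login daemon is found
classify_session() {
    saw_clear=0
    saw_ssh=0
    while IFS= read -r name; do
        case "${name##*/}" in          # drop any leading path
            in.telnetd|telnetd|in.rlogind|rlogind|in.rshd|rshd) saw_clear=1 ;;
            sshd*) saw_ssh=1 ;;
        esac
    done
    if [ "$saw_clear" -eq 1 ]; then echo cleartext
    elif [ "$saw_ssh" -eq 1 ]; then echo encrypted
    else echo local
    fi
}

session=$(ancestors | classify_session)
case "$session" in
    cleartext) echo "session is cleartext: a password typed to kinit is visible on the wire" >&2 ;;
    *)         echo "session transport: $session" ;;
esac
```

The script sees only the login hop that terminates on the host where it runs; an earlier cleartext hop from the workstation to an intermediate machine is not visible to it.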

