kinit sending clear text password
Mike Friedman
mikef at ack.Berkeley.EDU
Wed Apr 21 11:58:39 EDT 2004
On Wed Apr 21 05:59:17 2004, melissa_benkyo said:
> I'm just using the kinit that comes from sun I'm not programming yet
> by seeing I meant being able to see the typed in password when I
> snooped or used ethereal.
> r-xr-xr-x 1 root bin 15768 Sep 8 2003 /usr/bin/kinit
Melissa,
Are you sure that you're not running kinit on a machine to which you're
first connected in a non-secure manner? You may be sniffing the password
as it passes between your local workstation (where you typed it) and the
machine on which you're actually executing kinit.
Just a thought.
Mike
------------------------------------------------------------------------------
Mike Friedman System and Network Security
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
------------------------------------------------------------------------------
More information about the Kerberos
mailing list