prompter type question

Jeffrey Hutzelman jhutz at
Sat Mar 20 21:41:02 EDT 2010

--On Thursday, March 18, 2010 03:17:20 PM -0500 Nicolas Williams 
<Nicolas.Williams at> wrote:

> On Thu, Mar 18, 2010 at 04:14:56PM -0400, Sam Hartman wrote:
>> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:
>>     Nicolas> On Thu, Mar 18, 2010 at 01:17:37PM -0500, Will Fiveash
>>     wrote:
>>     >> typedef struct _krb5_prompt { char *prompt; int hidden; krb5_data
>>     >> *reply; } krb5_prompt;
>>     Nicolas> Arguably a PREAUTH type prompt with hidden set would be a
>>     Nicolas> prompt for a PIN or OTP, while a PREAUTH type prompt with
>>     Nicolas> hidden unset would be an informative prompt of some kind
>>     Nicolas> (any kind).
>> Hmm.
>> I'd expect that hidden would be clear for OTP and possibly pin.
> I wouldn't!  I'd expect prompts for secrets to be echo-off.

I'd expect echo for an OTP response, if it's at all complicated, since the 
user doesn't actually _know_ it the way you (or your fingers) know a PIN or 
password, and complex data entry without echo can be quite error-prone.

I would not expect echo for a PIN.

-- Jeff

More information about the krbdev mailing list