prompter type question
Nicolas Williams
Nicolas.Williams at sun.com
Sun Mar 21 15:32:14 EDT 2010
On Sat, Mar 20, 2010 at 09:41:02PM -0400, Jeffrey Hutzelman wrote:
> --On Thursday, March 18, 2010 03:17:20 PM -0500 Nicolas Williams
> <Nicolas.Williams at sun.com> wrote:
>
> >On Thu, Mar 18, 2010 at 04:14:56PM -0400, Sam Hartman wrote:
> >>>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
> >>
> >> Nicolas> On Thu, Mar 18, 2010 at 01:17:37PM -0500, Will Fiveash
> >> wrote:
> >> >> typedef struct _krb5_prompt { char *prompt; int hidden; krb5_data
> >> >> *reply; } krb5_prompt;
> >>
> >> Nicolas> Arguably a PREAUTH type prompt with hidden set would be a
> >> Nicolas> prompt for a PIN or OTP, while a PREAUTH type prompt with
> >> Nicolas> hidden unset would be an informative prompt of some kind
> >> Nicolas> (any kind).
> >>
> >>Hmm.
> >>I'd expect that hidden would be clear for OTP and possibly pin.
> >
> >I wouldn't! I'd expect prompts for secrets to be echo-off.
>
> I'd expect echo for an OTP response, if it's at all complicated,
> since the user doesn't actually _know_ it the way you (or your
> fingers) know a PIN or password, and complex data entry without echo
> can be quite error-prone.
Perhaps. I use an OTP and a challenge/response OTP from time to time.
I've never needed echo on.
> I would not expect echo for a PIN.
Right. I believe we need more prompter types, that we'll eventually
need at least all of these:
- enter password
- enter new password, enter new password again
- insert token
- enter PIN, enter PIN on token PIN pad
- enter OTP
- warning message
- error message
Nico
--
More information about the krbdev
mailing list