[15624] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: prompter type question

daemon@ATHENA.MIT.EDU (Jeffrey Hutzelman)
Sat Mar 20 21:41:19 2010

Date: Sat, 20 Mar 2010 21:41:02 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Nicolas Williams <Nicolas.Williams@sun.com>,
   Sam Hartman <hartmans@mit.edu>
Message-ID: <E4F65500B144363AB3E81448@atlantis.pc.cs.cmu.edu>
In-Reply-To: <20100318201720.GQ18167@Sun.COM>
MIME-Version: 1.0
Content-Disposition: inline
Cc: MIT Kerberos Dev List <krbdev@mit.edu>, jhutz@cmu.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

--On Thursday, March 18, 2010 03:17:20 PM -0500 Nicolas Williams 
<Nicolas.Williams@sun.com> wrote:

> On Thu, Mar 18, 2010 at 04:14:56PM -0400, Sam Hartman wrote:
>> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@sun.com> writes:
>>
>>     Nicolas> On Thu, Mar 18, 2010 at 01:17:37PM -0500, Will Fiveash
>>     wrote:
>>     >> typedef struct _krb5_prompt { char *prompt; int hidden; krb5_data
>>     >> *reply; } krb5_prompt;
>>
>>     Nicolas> Arguably a PREAUTH type prompt with hidden set would be a
>>     Nicolas> prompt for a PIN or OTP, while a PREAUTH type prompt with
>>     Nicolas> hidden unset would be an informative prompt of some kind
>>     Nicolas> (any kind).
>>
>> Hmm.
>> I'd expect that hidden would be clear for OTP and possibly pin.
>
> I wouldn't!  I'd expect prompts for secrets to be echo-off.

I'd expect echo for an OTP response, if it's at all complicated, since the 
user doesn't actually _know_ it the way you (or your fingers) know a PIN or 
password, and complex data entry without echo can be quite error-prone.

I would not expect echo for a PIN.

-- Jeff
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post