[15624] in Kerberos_V5_Development
Re: prompter type question
daemon@ATHENA.MIT.EDU (Jeffrey Hutzelman)
Sat Mar 20 21:41:19 2010
Date: Sat, 20 Mar 2010 21:41:02 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Nicolas Williams <Nicolas.Williams@sun.com>,
Sam Hartman <hartmans@mit.edu>
Message-ID: <E4F65500B144363AB3E81448@atlantis.pc.cs.cmu.edu>
In-Reply-To: <20100318201720.GQ18167@Sun.COM>
MIME-Version: 1.0
Content-Disposition: inline
Cc: MIT Kerberos Dev List <krbdev@mit.edu>, jhutz@cmu.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
--On Thursday, March 18, 2010 03:17:20 PM -0500 Nicolas Williams
<Nicolas.Williams@sun.com> wrote:
> On Thu, Mar 18, 2010 at 04:14:56PM -0400, Sam Hartman wrote:
>> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@sun.com> writes:
>>
>> Nicolas> On Thu, Mar 18, 2010 at 01:17:37PM -0500, Will Fiveash
>> wrote:
>> >> typedef struct _krb5_prompt { char *prompt; int hidden; krb5_data
>> >> *reply; } krb5_prompt;
>>
>> Nicolas> Arguably a PREAUTH type prompt with hidden set would be a
>> Nicolas> prompt for a PIN or OTP, while a PREAUTH type prompt with
>> Nicolas> hidden unset would be an informative prompt of some kind
>> Nicolas> (any kind).
>>
>> Hmm.
>> I'd expect that hidden would be clear for OTP and possibly pin.
>
> I wouldn't! I'd expect prompts for secrets to be echo-off.
I'd expect echo for an OTP response, if it's at all complicated, since the
user doesn't actually _know_ it the way you (or your fingers) know a PIN or
password, and complex data entry without echo can be quite error-prone.
I would not expect echo for a PIN.
-- Jeff
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev