[15626] in Kerberos_V5_Development
Re: prompter type question
daemon@ATHENA.MIT.EDU (Will Fiveash)
Mon Mar 22 16:43:33 2010
Date: Mon, 22 Mar 2010 15:42:14 -0500
From: Will Fiveash <will.fiveash@oracle.com>
To: Nicolas Williams <Nicolas.Williams@Sun.COM>
Message-ID: <20100322204214.GA14765@sun.com>
Mail-Followup-To: Nicolas Williams <Nicolas.Williams@Sun.COM>,
Jeffrey Hutzelman <jhutz@cmu.edu>, Sam Hartman <hartmans@mit.edu>,
MIT Kerberos Dev List <krbdev@mit.edu>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20100321193214.GF19496@Sun.COM>
Cc: Sam Hartman <hartmans@mit.edu>, MIT Kerberos Dev List <krbdev@mit.edu>,
Jeffrey Hutzelman <jhutz@cmu.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Sun, Mar 21, 2010 at 02:32:14PM -0500, Nicolas Williams wrote:
> On Sat, Mar 20, 2010 at 09:41:02PM -0400, Jeffrey Hutzelman wrote:
> > --On Thursday, March 18, 2010 03:17:20 PM -0500 Nicolas Williams
> > >>
> > >>Hmm.
> > >>I'd expect that hidden would be clear for OTP and possibly pin.
> > >
> > >I wouldn't! I'd expect prompts for secrets to be echo-off.
> >
> > I'd expect echo for an OTP response, if it's at all complicated,
> > since the user doesn't actually _know_ it the way you (or your
> > fingers) know a PIN or password, and complex data entry without echo
> > can be quite error-prone.
>
> Perhaps. I use an OTP and a challenge/response OTP from time to time.
> I've never needed echo on.
I've found it handy to have echo on when using the token card that
generates a longish OTP for IKE authentication. It is easy to mistype
given this is a 10 (I think) character string that differs each time I
authenticate.
--
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev